Posts Tagged ‘iPhone’

That iPhone the FBI (Israelis) cracked – “contains nothing of significance”

April 15, 2016

Much ado …. full of sound and fury … signifying nothing.

So, Syed Farook’s iPhone that Apple refused to unlock, which the FBI took Apple to court for, which was finally cracked by an Israeli company working for the FBI, contained nothing of any significance. Still, I suppose the FBI and Apple (and the Israeli security company Cellebrite) have all had their time strutting and fretting on the stage, and all publicity is good publicity.

But the FBI come out of this looking petty and silly.

CBS News: 

A law enforcement source tells CBS News that so far nothing of real significance has been found on the San Bernardino terrorist’s iPhone, which was unlocked by the FBI last month without the help of Apple.

It was stressed that the FBI continues to analyze the information on the cellphone seized in the investigation, senior investigative producer Pat Milton reports. Investigators spent months trying to gain access to data on the locked iPhone used by San Bernardino gunman Syed Rizwan Farook, believing that it might hold information on the plans or contacts of the attackers, who killed 14 people on December 2, 2015.

Apple was fighting a court order to assist the FBI in bypassing the phone’s security measures. On March 28, the FBI announced that it had managed to unlock the phone and was dropping the court fight with Apple.

The FBI has not disclosed what method it used to access the data on the iPhone but the method is believed to have been developed by a third party, a private entity, the government has refused to identify.

FBI Director James Comey said last week that the bureau has not decided whether to share details with Apple about how it hacked into Farook’s iPhone 5c. “If we tell Apple, they’re going to fix it and we’re back where we started,” Comey said. “As silly as it may sound, we may end up there. We just haven’t decided yet.”

As The Register points out, the FBI were more interested in attacking Apple and actually did not expect to find anything. They probably always knew that Cellebrite could get into the phone but didn’t reveal that, to support their position in court:

The news will not come as much of a surprise to anyone who has followed the case: the phone in question was one of three used by Farook. It was his work phone and was owned by his employer, the health department.

His two personal phones were found by investigators, crushed and dumped in a trash can at his house. Since Farook had clearly gone to some trouble to destroy any digital evidence (he also smashed up hard drives and other digital media), the fact that the iPhone in question was recovered intact made it highly unlikely that it held anything of real value.

Regardless, the FBI used the existence of the phone and the shocking nature of the crime to wage a public war with Apple over encryption and access to electronic goods. Having mistakenly caused the phone’s cloud storage to be reset (some doubt it was a mistake), the FBI applied through the courts to force Apple to develop a way for it to pull all the information off the phone.

The court served an injunction but Apple refused to honor it, claiming that the request effectively obliged it to break its own product’s security and would have implications far beyond the single phone.

Following a very public spat in which Apple refused to back down, and voices in Washington starting to criticize the FBI for trying to seek a legal precedent rather than solve a crime, the day before a legal hearing on the matter, the FBI suddenly announced it had found a third party that was able to grant it access to the phone’s data.


 

Israeli company cracks Apple iPhone for FBI

March 29, 2016

The FBI has now dropped its lawsuit against Apple because they have managed to crack the encryption on the iPhone of the San Bernardino gunman without Apple’s help. Clearly the Israeli company Cellebrite has succeeded where the FBI’s own experts had failed.

The question now becomes what Apple will do about this demonstrated vulnerability. Perhaps they have already eliminated the weakness in their new models after the iPhone 5S? Added to their latest fiasco with their OS 9.3 download, Apple “technology” is not riding very high right now.

The Verge:

Cellebrite, an Israeli mobile forensic software company, is reportedly helping the FBI get into Syed Farook’s device, according to reports from Reuters and Ynet.

The FBI “has been reportedly using the services of the Israeli-based company Cellebrite in its effort to break the protection on a terrorist’s locked iPhone, according to experts in the field familiar with the case,” Ynet reports. The Verge reached out to Cellebrite yesterday afternoon for comment and hasn’t yet heard back. ……. The company has a sole-source contract with the FBI that it signed in 2013 specifically to help with mobile forensics and data extraction, exactly the task presented by the San Bernardino case. …..

In its notice of intent to sole source, the FBI wrote: “Market research efforts have indicated that the Cellebrite UFED System is the only hand-held, cellular exploitation device worldwide that requires no PC or associated phone drivers.” It continued that the company supports “all major technologies (DMA, CDMA, GSM, IDEN) including smartphone operating systems and PDAs (Apple iPhone, Blackberry, Google Android, Microsoft Mobile, Palm, and Symbian) for over 95 percent of all handset models worldwide.”

………. experts speculate the attack is based on a NAND mirroring technique, which involves essentially copying the flash memory of the device so it can be restored after a lockscreen wipe. US Representative Darrell Issa directly asked FBI Director James Comey about the possibility of using this technique during a House Judiciary hearing last month. The bureau is now well aware of its existence, and there’s no reason to believe it won’t work on the iPhone 5C in question. Notably, this method will run into problems on phones with a Secure Enclave, ruling out any phones beyond the 5S.

UFED-Touch

Some of Cellebrite’s promotional material on their UFED:

Cellebrite’s UFED Pro Series

With mountains of data being created via mobile device applications daily – Facebook, Twitter, Kik, Snapchat, etc. – forensic examiners need quick and efficient ways to tap into rapidly expanding data sources when a situation demands. Our UFED Pro Series is designed for forensic examiners and investigators who require the most comprehensive, up-to-date mobile data extraction and decoding support available to handle the influx of new data sources.

UFED Ultimate

UFED Ultimate enables the physical, logical and file system extraction of all data and passwords – even deleted – from the widest range of mobile phones, portable GPS devices and tablets. The powerful combination of proprietary boot loaders, UFED Physical Analyzer, UFED Phone Detective and UFED Reader, enables advanced decoding, mobile phone detection, data analysis and reporting every time.


 

