“On Monday, a much anticipated hearing in the case between Apple and the FBI over access to a dead terrorism suspect’s iPhone was canceled after the FBI claimed that an ‘outside party’ had surfaced with a potential method for bypassing the phone’s lock screen without Apple’s help,” Joshua Kopstein and Emanuel Maiberg report for Motherboard.
“On Wednesday, the Yedioth Ahronoth newspaper reported that outside party as being Cellebrite, an Israeli phone forensics firm, attributing the information to ‘sources in the field/industry well acquainted with the subject,'” Kopstein and Maiberg report. “Haaretz reported that ‘While the Cellebrite executives would not comment on the San Bernardino case, they indicated they are confident that a completely hack-proof phone has not been invented yet and that they would eventually be able to unlock any existing system on their own.'”
Kopstein and Maiberg report, “Leeor Ben-Peretz, executive vice president of products and business development for mobile forensics at Cellebrite told Haaretz, ‘The level of complexity is exponential and it’s at a point that it’s getting difficult — but if anyone can do it, it’s us.'”
Read more in the full article here.
MacDailyNews Take: Apple should simply buy Cellebrite and other entities like it and task these newly acquired engineers with hardening iPhone to ridiculously hack-proof levels.
Apple should most certainly not buy Cellebrite as Apple would then own the means to defeat the security on iPhones and would not be able to claim that it cannot unlock them.
The existence of Cellebrite as a third party company is very advantageous for Apple.
So long as there is a third party service that can perform this task for a significant fee, there is a valid alternative to forcing Apple to weaken it’s encryption. Apple can also refer foreign governments to this company if necessary and wash it’s hands of the whole iPhone unlocking crap.
The fact that it takes physically handing an iPhone to a highly specialised laboratory without equal in the US to circumvent the iPhone security is quite a testimonial to Apple’s security.
You will note that there is no backlog of Android phones waiting to be cracked – law enforcement agencies can do that in-house and without delay.
alanaudio – thanks for a voice of reason. This is a game. The best way to win it is for Apple to continue to strengthen their security and allow others to attempt to crack their hardware/software. Then when others succeed, learn how to harden their kit even more. Others will try again, succeed. Then Apple will learn again. This is the game cat/mouse. If Apples plays the game they stay at the top without the government hassles. And we the users of Apple devices are constantly reaping the rewards of the best security in the business.
Agree with a lot of what you said.
But this thing is getting crazy – a foreign company says they can hack into our phones – when even the company says they can’t – and no one has a problem with this?
Do we really want a foreign company doing this?
I really hope questions keep being asked, because we really need to have a broader discussion and write some laws about this.
They don’t say that they can successfully hack into ALL iPhones, merely that they can hack into ( some ) iPhones.
Until we find out about the results, there’s a lot of ambiguity about what might actually be possible. It could be that Cellebrire might not be able to properly crack this iPhone, but it’s still a useful fig leaf to protect the dignity of the FBI, rather than lose the case in court. They might find it convenient that criminals believe that iPhones are now vulnerable, even if they’re not.
With regards to laws, exactly how do you make laws that apply to a foreign country?
Who exactly said anything about trying to make laws that apply to a foreign country?
We need laws in this country – so our Government knows what it can & cannot do.
No one said anything about trying to make laws for other countries.
Some interesting comments botoncandy:
“a foreign company says they can hack into our phones – when even the company says they can’t – and no one has a problem with this?”
I don’t but I’m from a different country that the one that Apple has as headquarters.
“Do we really want a foreign company doing this?” We sure do, especially if that country is a threat to global security.
“Who exactly said anything about trying to make laws that apply to a foreign country?” I think that was inferred by your first post.
Basically a company can hack into devices from other countries. It’s something that Snowden has revealed about one country and I’m sure others are doing the same.
“We need laws in this country – so our Government knows what it can & cannot do.”
Apparently you do, that’s what the court case was all about.
Well considering that the evidence of “a possible way to break into the iPhone in question” cites Cellbrite’s ability to break iOS 4 in the FBI’s latest court submissions…they’ve chosen a weak wimp of an excuse to back out of the mess they created.
Great PR for Cellbrite but wtf makes them believe they can break iOS 9 with the equivalent of a hammer used to open the wooden box that constituted iOS 4?
Whatever…Comey is now securely wedged in shit creek, having hitched his horse to a boulder heading to the riverbed of shattered dreams. When (if?) he comes back to court in a couple of weeks, most of his options will have evaporated.
Karma
Aaand… this is why we can’t have nice things.
There’s always some a**hole who thinks they have a ‘right’ to get into someone else’s stuff, just because they can.
Hacking is not illegal you know…apart from the fact that security implementation is enhanced by the hacking community’s ‘testing’ of every device produced by human hands, to determine if what it says on the tin…is indeed the case.
Would you trust any company – not just Apple, to be outright truthful if your life depended on it?
Systems analysis >> hacking by another name.
Aircraft flight tests >> ****ditto****
Component stress testing >> ****ditto****
Public and private transport vehicles safety testing ****ditto****
Everything, yes…everything…has to undergo stringent testing/hacking to satisfy myriad verification procedures put in place by legislation and insurance requirements.
My business produces a range of components going into underwater oil and gas extraction. You would not believe some of the tests they dream up to ensure at a minimum, 99.999999% reliability where even a simple repair can cost multi £M . I was approached a few years ago by a UK NASA sub-contractor, to produce 50 identical components for a pump – 40 of which were to be “Tested to Destruction” with a variance of less than 2% at failure point, and all had to fail in the same way. They also expected me to front up the cost of said destruction tests, so I declined.
You really need to get out and see how companies are required to make ‘you’ safe and secure.
Every Apple store has a Cellbright machine. It is used to move contacts from non Apple cellphones.
Like most tasks in the world, “I think that should be easy to do” is not the same as “I’ve actually done it”. This company has more credibility than John McAfee, but I wonder if the FBI is talking to the executives (who sometimes make big claims) or the engineers who actually do the work.
I wonder if this is the same company that provides Apple with the device they use in store to transfer data from one phone (any make pretty much) to the iPhone. It is called a cellabrite if I remember correctly. Maybe that’s why McAfee said Apple would be unhappy.
The phone number transfer software comes from Cellebrite Mobile Synchronization LTD, while the forensics side is handled by Cellebrite’s Mobile Forensics division, which is an entirely different and independent division within the group. The entire Cellebrite group is a wholly owned subsidiary of the Sun corporation in Japan.
Cellebrite’s Mobile Forensics division distribute the ‘Universal Forensic Extraction Device’ (UFED) which is used by some government agencies around the world.
Any bets as to the FBI getting the data and the most important piece of information on the phone is a recipe for lasagna.
This case might start up a whole new wave of suicide chefs, who leave an iPhone to be discovered after they have done their business. They know that the paranoids will spend massive amounts of time and money to decrypt their phone hoping to get information about the doomsday device, only to get recipes for lasagna.
They’d only have themselves to blame.
This sounds exactly like what every “government contractor” says.
This all about getting paid and paid handsomely by a government. I’d bet the contract will say they get a percent up front and get paid in full even if they don’t succeed.
What a load of crap.