Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Iphone Encryption Government Handhelds IOS Networking Operating Systems Privacy Security Software The Courts The Internet United States Apple News Your Rights Online Build Hardware

FBI Hires Cellebrite To Crack San Bernadino iPhone (reuters.com) 237

tlhIngan writes: Earlier this week, the FBI asked the court for a continuance so it could do some research into a proposed method of cracking the [iPhone belonging to one of the San Bernardino, California shooters]. It turns out the FBI has contracted Cellebrite for $15,000 to break into the phone. Cellebrite is an Israeli software provider specializing in mobile phone forensics software. If they succeed, it would mean Apple would no longer need to be involved.
This discussion has been archived. No new comments can be posted.

FBI Hires Cellebrite To Crack San Bernadino iPhone

Comments Filter:
  • by Joe_Dragon ( 2206452 ) on Wednesday March 23, 2016 @03:55PM (#51764325)

    apple can pull some DCMA BS and sue them. Now will they be that much of a dick?

    • by Lumpy ( 12016 ) on Wednesday March 23, 2016 @04:18PM (#51764551) Homepage

      I for one hope so. The DMCA is a piece of shit legislation, and if apple uses it it will be the only time it is used properly. to poke a stick in the eye of government goons.

      • by silas_moeckel ( 234313 ) <silas&dsminc-corp,com> on Wednesday March 23, 2016 @04:26PM (#51764599) Homepage

        Have fun with that. THEM Hey FBI can ya get me a court order to do this? FBI Sure here ya go. The judge said I could is a rather good defence for a civil issue.

        • by MobyDisk ( 75490 ) on Wednesday March 23, 2016 @05:41PM (#51765199) Homepage

          The judge can't compel you to do something illegal. Neither can a police officer.

          • by Etcetera ( 14711 ) on Wednesday March 23, 2016 @05:58PM (#51765307) Homepage

            The judge can't compel you to do something illegal. Neither can a police officer.

            That's begging the question slightly. "Following the directions of a peace officer" in an emergency is on the rulebooks in most states. This is why a cop can flip traffic around and tell you to go the wrong way down a one-way street because there's an accident in an intersection, despite the presence of a marked "One way" sign, which is usually what wrong-way laws are keyed off.

            Don't confuse "illegal" with "unsafe" or "unreasonable"... The latter standards apply more broadly.

          • DCMA would be civil a judges order for a criminal case provides pretty good cover. As far as criminal the state can grant you immunity.

            • by AmiMoJo ( 196126 )

              Can they even use it against a foreign company? I've been ignoring (or occasionally mocking if I'm in the mood) DMCA notices I receive because I'm not in the US and it doesn't apply to me. As a side note it's amazing how many companies don't seem to get that.

      • So, what would you like a changed DMCA to be like? Should host sites be legally liable for user-supplied content, which means they wouldn't dare use any? Should copyright holders be unable to challenge mass infringements of their copyright? Please explain.

      • Comment removed based on user account deletion
      • DCMA...
        Not as interesting solution as patching the vulnerability shortly
        after this phone gets hacked.

        It appears to me that as an Israeli company they are far enough from US law
        that they could be a vent for a secret NSA/CIA method and secret. They are
        also far enough to make it hard for a US court to compel them to act.

        The $15,000 price tag seems low for anything involving software.
        Might be OK for a hardware hack that begins with a slurp of the
        data from the RAM. As a qualified forensic service, data retenti

    • by SeaFox ( 739806 )

      But Celebrite is the one cracking the phone. Would an Israeli company be punishable under the DMCA?

    • apple can pull some DCMA BS and sue them.

      You think? The DMCA does try to ban circumvention of security measures that are used to protect copyright, but I don't think that's the case here. The DMCA doesn't ban general breaking of security.

      • apple can say that by hacking the system people can get apps / moves / music / etc for free from the app store or use this to by pass the DRM and get the files out with them being DRM locked.

        • by Sneftel ( 15416 ) on Wednesday March 23, 2016 @05:03PM (#51764933)

          Cute, but no. Sayeth the DMCA:

          Law Enforcement, Intelligence, and Other Government
          Activities.--This section does not prohibit any lawfully authorized
          investigative, protective, information security, or intelligence
          activity of an officer, agent, or employee of the United States, a
          State, or a political subdivision of a State, or a person acting
          pursuant to a contract with the United States, a State, or a political
          subdivision of a State..

          • Re: (Score:2, Interesting)

            by Sneftel ( 15416 )

            Whoops, meant to reply to the grandparent post. Though I guess it works here too.

      • by mysidia ( 191772 )

        The DMCA does try to ban circumvention of security measures that are used to protect copyright, but I don't think that's the case here.

        The DRM effectively prevents access to the firmware binary code.... note that in no case can a normal user get access to the firmware code, let alone see it and patch it; without circumventing effective controls.

        Modifying the code in memory is also an exercise of the copyright owner's exclusive right to prepare derivative works.

        • The DRM effectively prevents access to the firmware binary code

          Not the code that needs to be bypassed.

          Modifying the code in memory is also an exercise of the copyright owner's exclusive right to prepare derivative works.

          Assuming they have to modify it, which isn't necessarily the case.

      • The DMCA doesn't ban general breaking of security.

        You might be confusing facts with feelings..

        • The DMCA doesn't ban general breaking of security.

          You might be confusing facts with feelings..

          Nope. I can point you to the relevant text if you like.

    • You don't want that. The DMCA prevents bypassing encryption to violate copyright. Since the phone belongs to the San Bernardino County government, the copyright for whatever is stored on there belongs to them. So there's no copyright violation. (Or more precisely, since they're a government agency, there is no copyright. Whatever they recover from the phone could be obtained by anyone with a FOIA request.)

      If you argue it's somehow violating Apple's copyright, you're essentially saying Apple holds th
    • by Sneftel ( 15416 ) on Wednesday March 23, 2016 @05:06PM (#51764951)

      Cute, but no. Sayeth the DMCA:

      Law Enforcement, Intelligence, and Other Government
      Activities.--This section does not prohibit any lawfully authorized
      investigative, protective, information security, or intelligence
      activity of an officer, agent, or employee of the United States, a
      State, or a political subdivision of a State, or a person acting
      pursuant to a contract with the United States, a State, or a political
      subdivision of a State..

    • by mark-t ( 151149 ) <marktNO@SPAMnerdflat.com> on Wednesday March 23, 2016 @05:26PM (#51765089) Journal
      It wouldn't matter, 17 U.S. Code S 1201 SS e covers that:

      This section does not prohibit any lawfully authorized investigative, protective, information security, or intelligence activity of an officer, agent, or employee of the United States, a State, or a political subdivision of a State, or a person acting pursuant to a contract with the United States, a State, or a political subdivision of a State.

  • by Krishnoid ( 984597 ) on Wednesday March 23, 2016 @03:57PM (#51764359) Journal

    Stimulating the global economy. Win-win!

  • Israel (Score:2, Interesting)

    by Anonymous Coward

    How is it that tiny little war torn Israel always seems to have the latest in technology that we can't seem to get here in America?

    • Re:Israel (Score:4, Funny)

      by Anonymous Coward on Wednesday March 23, 2016 @04:01PM (#51764399)

      Because to live there you can't be a fucking pussy.

    • How is it that tiny little war torn Israel always seems to have the latest in technology that we can't seem to get here in America?

      Heh. Basically you just asked why you're ignorant.

    • Re:Israel (Score:5, Insightful)

      by Grishnakh ( 216268 ) on Wednesday March 23, 2016 @04:19PM (#51764557)

      No, actually they don't. You don't see commercial airliners (or military planes for that matter), ships, cars (including EVs), appliances ("durable goods"), semiconductors, mobile phones, or really almost any kind of manufacturing in Israel, except a couple of firearms makers maybe. They do do a lot with IP however; several semiconductor companies have design centers there.

      It's true, Israel does have some impressive and unique technologies developed there, compared to its size and its state of security. A lot of their technology is military-oriented, for obvious reasons. They've done an impressive job of building a 1st-world nation (economically speaking) in a small place which used to be nothing special less than a century ago. But "the latest in technology"? No, sorry. They are not self-sufficient in any sense. They can't even make many of the weapons systems that defend them; they buy them from the US (e.g. fighter jets).

      • Re:Israel (Score:5, Informative)

        by serbanp ( 139486 ) on Wednesday March 23, 2016 @07:49PM (#51765981)

        You don't see commercial airliners (or military planes for that matter), ships, cars (including EVs), appliances ("durable goods"), semiconductors, mobile phones, or really almost any kind of manufacturing in Israel

        That's factually not true. TowerJazz (a top-ten pure-play manufacturer) has two modern fabs in Israel and the almighty #1 (intel) has two more in that country.

    • Re:Israel (Score:5, Insightful)

      by sixsixtysix ( 1110135 ) on Wednesday March 23, 2016 @04:59PM (#51764899)
      because we give them billions every year?
    • Re: (Score:3, Insightful)

      by Quzak ( 1047922 )
      Because of all the money the US gives to them...you know...instead of upkeep on our infrastructure.
  • by JoeyRox ( 2711699 ) on Wednesday March 23, 2016 @03:58PM (#51764375)
    The irony is sweet with this one:

    http://www.bloomberg.com/news/... [bloomberg.com]
  • by bsDaemon ( 87307 ) on Wednesday March 23, 2016 @04:00PM (#51764395)

    There must not be too much secret sauce involved if they're going to do it that cheaply.

    While that listing shows that they have bought SOMETHING from Cellbrite, I think I'd like to see a little more evidence before I'm convinced that this shows they hired Cellbrite to hack the San Bernardino iPhone. https://www.fpds.gov/ezsearch/... [fpds.gov] shows that the Secret Service bought $781k worth of something from them on the 10th of March.

    A single FPDS entry doesn't really mean anything.

  • $15,000 (Score:3, Insightful)

    by wisnoskij ( 1206448 ) on Wednesday March 23, 2016 @04:00PM (#51764397) Homepage

    Wow, they should of asked for more. They would of had to pay 10 times, at least, that in any sort of legal battle.

    • A reusable capability would cost more. Cracking one phone without revealing the methods for $15k would be marketing.

    • Re:$15,000 (Score:5, Insightful)

      by Thelasko ( 1196535 ) on Wednesday March 23, 2016 @04:19PM (#51764559) Journal

      Wow, they should of asked for more. They would of had to pay 10 times, at least, that in any sort of legal battle.

      Cellebrite will likely reap 100 times that much in new business from the publicity this generates. It's not always about making a quick buck, but about making millions of bucks over the longer term.

  • Chain of custody? (Score:2, Interesting)

    by hawguy ( 1600213 )

    How do you maintain chain of custody of the evidence if you hand it over to a company that's not governed by our laws?

    If the Israeli company recovers data that gives them leads to other suspected terrorists, does the FBI have legal authority to pursue those leads when the information was "extracted" by a foreign company and it may or may not be fabricated? The only proof that they have that the information was really on the phone is because this company said so.

    • by Lumpy ( 12016 ) on Wednesday March 23, 2016 @04:20PM (#51764563) Homepage

      Chain of custody does not matter in regards to TERRORISM.... and if you are against that then you hate america.

    • by swb ( 14022 )

      Seriously? They'd fly these guys into the US and make them do the work here.

      I would doubt these guys get to do anything that isn't overseen by 20 FBI agents at all times.

      It wouldn't be at all surprised if they didn't have a diplomat from the Israeli embassy as some kind of observer as well.

    • by Registered Coward v2 ( 447531 ) on Wednesday March 23, 2016 @04:26PM (#51764609)

      How do you maintain chain of custody of the evidence if you hand it over to a company that's not governed by our laws?

      If the Israeli company recovers data that gives them leads to other suspected terrorists, does the FBI have legal authority to pursue those leads when the information was "extracted" by a foreign company and it may or may not be fabricated? The only proof that they have that the information was really on the phone is because this company said so.

      There is no need for maintaining a chain of custody unless it will be used as evidence. Since anything from this phone would most likely be used to identify potential suspects or persons of interest what they get is no different than any other tip.

    • Re:Chain of custody? (Score:5, Informative)

      by Shawn Willden ( 2914343 ) on Wednesday March 23, 2016 @04:40PM (#51764723)

      How do you maintain chain of custody of the evidence if you hand it over to a company that's not governed by our laws?

      That's not a problem, for at least two reasons.

      First, chain of custody doesn't matter unless you want to use the information recovered as evidence in a trial. If you just use it to generate leads which you then use to find other suspects and evidence, then it's irrelevant if chain of custody was maintained.

      Second, chain of custody is easy to maintain. Location and nationality don't affect chain of custody. What matters is that you have a documented chain and can prove that custody was maintained and access was controlled at each step. Worst case is that employees of the Israeli company may have to fly to the US and testify in court to substantiate the chain of custody, and to explain how they extracted the information. I'm sure the company would be happy to do that if the FBI paid them to (which would be an additional fee).

      • I'm sure the company would be happy to do that if the FBI paid them to (which would be an additional fee).

        Reminds me of an oldie but a goody from Red vs. Blue [youtube.com]...

        Starts at 5:10

      • According to the court documents, the entire purpose of cracking this phone is to determine if charges need to be brought against other people. In other words the intent IS to use this in a criminal trial if such cooperation is found on the phone.

        The FBI and half the world has been arguing both sides of this. The FBI says in court documents they absolutely need this to find out if there are other conspirators. In public they talk about needing the ability to combat terrorism. Both arguments are lies, this i

        • According to the court documents, the entire purpose of cracking this phone is to determine if charges need to be brought against other people. In other words the intent IS to use this in a criminal trial if such cooperation is found on the phone.

          Your second sentence doesn't follow from your first. Yes, they're (allegedly) looking for conspirators. But information on the phone could identify conspirators without providing evidence against them that can be used to convict them. For example, it could just contain their e-mail addresses or phone numbers. That would be useless in court, but useful to investigators who would then look into the identified individuals and seek to gather evidence. With or without a tight chain of custody, information on the

    • by AHuxley ( 892839 )
      The idea was to conscript a method for a generation of phones so the US federal law enforcement and US state/federal task forces could stand before any open US court and present all material found on any generation of cell phone.
      The created master key could then be understood by all in a public court setting any tech experts could track back any methods to their origins and go over all findings.
      Thats why the very public gov conscripted master key was attempted. The public chain of custody idea was push
  • Only $15,000???? (Score:5, Insightful)

    by gurps_npc ( 621217 ) on Wednesday March 23, 2016 @04:10PM (#51764477) Homepage

    All that bullshit because the FBI wanted to save $15 thousand dollars?

    Someone should be fired for such a dramatically bad decision as fighting it out in the court of public opinion, let alone federal court.

    • by PCM2 ( 4486 ) on Wednesday March 23, 2016 @04:18PM (#51764547) Homepage

      All that bullshit because the FBI wanted to save $15 thousand dollars?

      On the other hand, $15,000 is pretty damn cheap for a global marketing campaign. When Cellebrite can't crack the iPhone, the bullshit will get cranked up to fever pitch.

    • All that bullshit because the FBI wanted to save $15 thousand dollars?

      Someone should be fired for such a dramatically bad decision as fighting it out in the court of public opinion, let alone federal court.

      The more likely explanation - for both this and several other related news items - is that the FBI isn't particularly competent.

    • by cant_get_a_good_nick ( 172131 ) on Wednesday March 23, 2016 @04:34PM (#51764663)

      No.

      the FBI wanted to save 15,000 x A_LOT_OF_PHONES. Also, if the exploit is the NAND copy exploit as thought, newer phones can't be hacked this way, 15,000 or no.

      They wanted to set a precedent. There's ton of iPhones out there waiting to be cracked. Remember these are the guys that run Stingrays without telling you.

      As far as the Public Opinion goes, they just guessed wrong. Here's a phone, probably with nothing useful on it. But TERRORISM!!! MUSLIMS!!!! We still have some aspects of the P.AT.R.I.O.T. A.C.T (i write it that way because the back-ronym was silly) around because we were scared then. They thought that Apple would fold, and the public would all support the hack. They guessed wrong.

      • They thought that Apple would fold, and the public would all support the hack. They guessed wrong.

        Majority of public != Majority of Slashdotters

        They guessed wrong on Apple folding, but every poll I read about had a clear majority of the US public favoring the hack being done. Do many of you here even have any kind of relationship with people who aren't in IT? I mean I know we joke about guys living in their mom's basement and playing video games all day, but time and time again folks here assume incorrectly that the vast majority if the American public supports their personal stances on various i

    • by bloodstar ( 866306 ) <blood_starNO@SPAMyahoo.com> on Wednesday March 23, 2016 @04:46PM (#51764759) Journal
      No, the $15K is to justify dropping the case by rending the whole situation moot and save the FBI from having a court decision against them. A court decision against them would resonate for years, so you drop the case, avoid that precedent. Then pick a different case against a company who doesn't have great lawyers. Win that case, and there you go, precedent that favors you.
  • Sounds illegal in both national and international levels, but I am still waiting for the encryption ban after this.

    Imagine every LEO calling a mumble "Encryption" or "Code". Everything not understood must be encrypted. Remember the gang signs lockup for waving? Any files on your phone must be plain, and in all languages or it must be hidden messages. New tools for racists or classist members of LE or Government.

  • It is hard to imagine that Cellebrite has a method that doesn't involve the well discuessed method of physically reading the serial off the chip. Perhaps the FBI sees it as a win win situation. They already have admitted that its unlikely there is much of use on the phone. If it works they have a company that has proven itself proficent at this sort of hacking and if it doesn't, it strengthens their legal argument against Apple
  • I wonder if the FBI understands that this should be as embarrassing for them as the O.J. Simpson evidence cock up. It'll work for them this time, but due to their poor handling of evidence in this case, in the future, it will be borderline impossible to decrypt phones even with Apple's help.
    • you and I and 99.99% of everyone else here has NO IDEA what the truth is.

      it could be that the fbi already has the data, but they are trying for court precidents. could be that the nsa already has the data. could be that apple has a friendly relationship (at the most secret level) with feds and yet keeps a two-face story going.

      not one single person here (who would be dumb enough to post) has any clue at all.

      we are wasting our time even talking about such things.

      and, would I buy a 'secure' iphone, now? I

  • Just because the FBI contracts with a company or individual does not mean that criminal and civil laws do not apply. Breaking the encryption for one iPhone lowers the value of every iPhone as well as damaging the brand name. If it would be illegal for me to crack into a phone then it would be equally illegal for a contractor or even the FBI itself to do the same thing.
    • by J053 ( 673094 )

      Not when the relevant law (DMCA in this case) explicitly says it does not apply to law enforcement or intelligence agencies. The law doesn't mean just what you want it to mean, it means what it actually says.

  • And then let Apple pay them $20,000 to show them how they did it, so Apple can plug that vulnerability too.
    That being said, I'm less worried about there being a way to hack a device if the hack requires physical possession.
    It's remote carte blanche access I that concerns me the most.

  • Earlier this week, the FBI asked the court for a continuance so it could do some research into a proposed method of cracking the [iPhone belonging to one of the San Bernardino, California shooters].

    Why are you putting that in brackets?

    Usually brackets like this indicate an alteration to a quote for clarity or taste, such as 'The defendant stated that he had "never seen the stupid [female dog]"'

    If you're not linking to something from which this can be seen to be a quote, why are you putting the brackets in? It's not helpful.

  • Pick up the phone and call Geohot!

    https://www.youtube.com/watch?... [youtube.com] :P

  • Isn't there some diet pill which will eliminate cellebrite?
  • This is a RUMOR that I do not have concrete information on.
    However,...

    I've read at least twice, that the perps deliberately physically destroyed their personal phones. The phone in question is a business phone. The likelyhood of anything being on this phone is very very slim. Simply by the fact they had the sense to kill the other phone, it implies this one is super likely to be empty.

    May not be the actual case and could be untrue, but if it is, all this is likely to be for nothing.

  • by CanEHdian ( 1098955 ) on Wednesday March 23, 2016 @08:21PM (#51766177)

    Cellebrite.iPhorensics.Suite.Government.and.Law.Enforcement.Edition.x64.v1.02.incl.Keygen.-.CoRE

    Now every kiddie can haXX0r da iPhonez

  • The description clearly reads:

    IGF::OT::IGF UFED software renewals for seven machines.

    I'm not an expert, I just clicked the link that read "View" to see the details.

    $15k sounds about right for software licensing to me, how exactly do you get them hacking the iPhone in question from that?

"Conversion, fastidious Goddess, loves blood better than brick, and feasts most subtly on the human will." -- Virginia Woolf, "Mrs. Dalloway"

Working...