On Monday, a much anticipated hearing in the case between Apple and the FBI over access to a dead terrorism suspect’s iPhone was canceled after the FBI claimed that an “outside party” had surfaced with a potential method for bypassing the phone’s lock screen without Apple’s help.
On Wednesday, the Yedioth Ahronoth newspaper reported that outside party as being Cellebrite, an Israeli phone forensics firm, attributing the information to “sources in the field/industry well acquainted with the subject.” Haaretz reported that “While the Cellebrite executives would not comment on the San Bernardino case, they indicated they are confident that a completely hack-proof phone has not been invented yet and that they would eventually be able to unlock any existing system on their own.” Leeor Ben-Peretz, executive vice president of products and business development for mobile forensics at Cellebrite told Haaretz, “The level of complexity is exponential and it’s at a point that it’s getting difficult—but if anyone can do it, it’s us.”
Videos by VICE
When contacted by phone, Cellebrite would not confirm the accuracy of those reports, and the FBI did not immediately respond to a request for comment.
Cellebrite’s involvement in the San Bernardino case has not yet been confirmed, however, and there is every chance that the Israeli media is inadvertently giving a PR boost to an Israeli company. However, Cellebrite has worked with the US government before and it’s an interesting example in the often overlooked market of forensics for law enforcement.
Cellebrite’s US subsidiary has taken over $2 million worth of purchase orders from the FBI since 2012
“The forensics industry has not received a lot of attention,” Christopher Soghoian, principal technologist at the American Civil Liberties Union (ACLU) told Motherboard in a phone call. “This is an industry that relies on discovering and exploiting flaws in mobile phones. There’s a lot of secrecy because each company has their secret sauce.”
Within this circle of companies, however, Cellebrite is pretty well-known when it comes to mobile phone forensics, and has a long history of working with government agencies, including the FBI.
WHAT IS CELLEBRITE?
Founded in 1999, Cellebrite focuses on digital forensics tools and software for mobile phones. According to a document on its website, Cellebrite supports intelligence services, border patrols, special and military forces, and even financial organisations in more than 100 countries. Cellebrite’s products can allegedly collect, amongst other things, location and cloud data from mobile and GPS devices, and the company claims to have an archive of 8,000 different mobile phones at its headquarters.
WHAT CAN IT DO?
One of the company’s main products, the Universal Forensics Extraction Device (UFED) Ultimate, claims to allow investigators to extract all data and passwords from phones. Another product can supposedly identify common connections between multiple devices from call logs, text messages and other data.
When it comes to iOS, a YouTube video uploaded in July 2015 demonstrates one of Cellebrite’s products for unlocking devices in several hours. The company’s site also claims that the “Cellebrite CAIS U01 service” allows the unlocking of Apple devices running iOS 8.x. This is done “in a forensically sound manner and without any hardware intervention or risk of device wipe.”
In 2014, the company’s CEO Yossi Carmil said in an interview, “iOS on the iPhone 4S and later devices have impressive security with hardware encryption, and that certainly makes our job harder, but no device is ‘bullet-proof.”
Cellebrite also offers customer support, seemingly in a similar way to companies such as Italian surveillance company Hacking Team; where engineers can be on call to deal with customer queries.
WHO HAS CELLEBRITE WORKED WITH?
According to public records, Cellebrite’s US subsidiary has taken over $2 million worth of purchase orders from the FBI since 2012. Interestingly, a purchase order with the agency for $15,278.02 for “software renewals for seven machines” was signed on March 21, 2016: the same day that the Apple hearing was delayed. However, the “principal place of performance” for that order is listed as Chicago, not San Bernardino.
The company’s product was also suggested by another US agency in a recent instance very similar to the San Bernardino case.
On February 16, a warrant for the DEA was approved to search an iPhone 6, according to independent journalist Marcy Wheeler. In the related documentation, a DEA agent writes that a search would be attempted with a “CelleBrite” device. What operating system that iPhone 6 was running on is unclear, and it’s also unclear if the method would actually work—but it does support the idea that Cellebrite may be the outside party that thinks it can crack the San Bernardino’s iPhone 5C.
Also according to public records, other customers of Cellebrite’s include the Office of Inspector General, the Department of Homeland Security, and the Secret Service.
The company has had some success with circumventing encryption for law enforcement before, too. In January, Motherboard reported that Dutch investigators were able to read encrypted messages sent on so-called PGP Blackberries; custom, security focused BlackBerry devices that come with an encrypted email feature. That process is carried out with a piece of software made by Cellebrite.
But the company hasn’t just worked with law enforcement or government agencies.
“Apple has a weird relationship with this company, because there are Cellebrite devices in every Apple store,” Soghoian added. This is because devices are used to take data from customers Androids phones, and easily transfer contacts and other info over to newly purchased iOS ones.
Whether the company’s tools are indeed being used to crack the San Bernardino iPhone is still unconfirmed. But either way, as the proliferation of strong, robust encryption for mobile phones continues, the forensics industry is going to be one to keep an eye on.
Joshua Kopstein and Emanuel Maiberg contributed reporting.