While rumor has been rife that it was Israeli security firm Cellebrite that helped the FBI unlock the cellphone of San Bernardino shooter Syed Rizwan Farook, an observant Twitter user has uncovered a piece of evidence that makes it almost certain that the Petah Tikva-based firm was behind the hack.
A search of the General Services Administration website — which lists all public expenditures in the US — indicates that the FBI signed a contract with Cellebrite in late March for “information technology software services,” at a cost of $15,278.02 to the federal government.
How did the FBI get to Cellebrite? Very possibly by reading the Israeli firm’s website, which plainly states that the company is able to do exactly what the US agency was seeking to accomplish.
“Cellebrite’s Advanced Investigative Services (CAIS) offers global law enforcement agencies a breakthrough service to unlock Apple devices running iOS 8.x,” says the site. “This unique capability is the first of its kind — unlocking Apple devices running iOS 8.x in a forensically sound manner and without any hardware intervention or risk of device wipe.”
Neither the FBI nor Cellebrite is likely to ever confirm whether it was the Israeli firm that cracked the code on the infamous iPhone belonging to Farook, the terrorist who shot up a medical center in San Bernardino, California, on December 2, 2015, killing 14 people. Among the pieces of evidence seized by the FBI after the attack was the cellphone, but with both Farook and his wife, Tashfeen Malik, killed as a result of the attack, the code necessary to unlock the phone was unavailable.
Usually when a hacker — or a government — wants to break into a device, they run a code-breaking program that tries all the different combinations of numbers that could be used (there were a million such combinations of the six-digit code needed to unlock the shooter’s iPhone 5C). The problem with the iPhone is that, after 10 incorrect attempts, the phone shuts itself down and renders itself useless.
The FBI asked Apple for help and was turned down firmly. Turning the case into a cause célèbre for privacy, Apple CEO Tim Cook in a letter to customers said that the FBI’s demand that Apple help unlock the phone was “an unprecedented step which threatens the security of our customers.”
In a “chilling” precedent, said Cook, “the government would have us remove security features and add new capabilities to the operating system, allowing a pass code to be input electronically. This would make it easier to unlock an iPhone by ‘brute force,’ trying thousands or millions of combinations with the speed of a modern computer.”
Doing so would give the government “the power to reach into anyone’s device to capture their data. The government could extend this breach of privacy and demand that Apple build surveillance software to intercept your messages, access your health records or financial data, track your location, or even access your phone’s microphone or camera without your knowledge,” wrote Cook.
FBI signed a contract with iPhone-cracking firm Cellebrite the day it told the court it found an "outside party" pic.twitter.com/LoN9Wm3cCQ
— Janus Kopfstein (@zenalbatross) March 23, 2016
The government was ready to drag Apple into court when suddenly, on March 21, the FBI asked the court to call off the hearing that had been scheduled for that day on the matter.
That day, there were numerous reports in the world media that the FBI had used technology by Israeli security firm Cellebrite to break into the iPhone. Finally, on March 28, the agency announced that the “alternative methods” it had employed to unlock the phone had succeeded, and it vacated its petition against Apple to force the company to help out.
“The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple, Inc. mandated by Court’s Order,” according to the FBI filing.
The filing does not say why or how the FBI changed its mind. But a search of the GSA website, which lists all contracts and expenditures undertaken by the federal government, provides a broad hint. Twitter user @zenalbatross tweeted out the search form, which clearly shows the FBI signing a contract with Cellebrite on March 21.
That said, there was some back-and-forth among Twitter users as to whether that contract was specifically to crack the San Bernardino iPhone or more broadly for a license renewal for FBI machines in Chicago — but it makes clear that the FBI was aware of Cellebrite, and presumably of its iPhone-unlocking powers.
As the company says on its website, “One of the greatest challenges faced in the forensic industry today is the need to quickly access mobile device evidence from locked Apple devices running iOS 8. Even with the most sophisticated mobile forensics tools and technology available, additional expertise and skills are required to unlock these devices. Cellebrite has a unique unlock capability for devices running iOS 8.x that will provide you with unprecedented access to evidence you can stand behind.”
That was exactly what the FBI was looking for.