DriveSavers at 2016 National Cyber Crime Conference April 25–27

Norwood, MA • April 25–27

Massachusetts Attorney General’s Office is hosting the 2016 National Cyber Crime Conference in Norwood, MA. The conference will feature three tracks of instruction: a track for prosecutors, a track for investigators and a track for digital evidence forensic examiners.

Visit DriveSavers at booth #21 to speak directly with Rene Novoa, certified forensic investigator and DriveSavers Senior Manager of eDiscovery and Digital Forensics. Ask about some of the incredible cases DriveSavers has helped to solve!

Learn more about the National Cyber Crime Conference or register to attend.

CBS News: FBI paid more than $1M for San Bernardino iPhone "hack"

Originally published by CBS News.

The FBI said that using third parties is not the only solution for breaking into encrypted phones.

FBI Director James Comey alluded to the fact the bureau paid more than $1 million for the method used to disable the security feature of the San Bernardino shooter’s iPhone.

At an Aspen Institute discussion in London, Comey said the FBI paid more money than he would make in the time left as FBI director. He has over seven years left on his term and makes roughly just under $200,000 a year based on public files.

“How much did you pay for this software?” Comey was asked.

“A lot,” he said.

“Really?”

“More – let’s see. More than I will make in the remainder of this job, which is seven years and four months, for sure,” Comey said.

“Wow.”

“And so it’s a – but it was in my view, worth it, because it’s a tool that helps us with a 5c running iOS9, which is a bit of a corner case, increasingly as the devices develop and move on to the 6 and 6s and whatnot and iOS’s change, but I think it’s very, very important that we get into that device,” Comey said.

He did not give a more specific figure.

A law enforcement source told CBS News last week that so far nothing of real significance has been found on the San Bernardino terrorist’s iPhone, which was unlocked by the FBI last month without the help of Apple.

It was stressed that the FBI continues to analyze the information on the cellphone seized in the investigation, senior investigative producer Pat Milton reported.

Investigators spent months trying to gain access to data on the locked iPhone used by San Bernardino gunman Syed Rizwan Farook, believing that it might hold information on the plans or contacts of the attackers, who killed 14 people on December 2, 2015.

Apple was fighting a court order to assist the FBI in bypassing the phone’s security measures. On March 28, the FBI announced that it had managed to unlock the phone and was dropping the court fight with Apple.

The FBI has not disclosed what method it used to access the data on the iPhone but the method is believed to have been developed by a third party, a private entity, the government has refused to identify.

Comey said two weeks ago that the bureau has not decided whether to share details with Apple about how it hacked into Farook’s iPhone 5c.

“If we tell Apple, they’re going to fix it and we’re back where we started,” Comey said. “As silly as it may sound, we may end up there. We just haven’t decided yet.”

The bureau has told local police departments that it will help them unlock cellphones in cases where it could provide evidence, CBS News John Blackstone reported.

But cracking the code is easier said than done.

When the FBI launched its search for a way to unlock Farook’s iPhone 5c, the technicians at a California company called Drivesavers were among those who took up the challenge. They have plenty of experience rescuing broken iPhones.

“You know, we see anywhere from a 100 to 300 iPhones a month right now,” Michael Cobb, Drivesavers’ director of engineering, told CBS News.

Cobb said his team can remove the chip that holds a phone’s encrypted data — but they can’t just read what is on it.

“The encryption is not simple to retrieve,” he said.

A company the FBI has not identified found a way around Apple’s encryption. The effort at Drivesavers shows what they had to overcome. Try the wrong password too many times and the phone wipes its memory clean.

“In the case of the 5c, you only have 10 attempts before the iPhone gets erased,” Cobb explained.

To make sure the chip doesn’t get erased, they copy it. Then put it in a device they’ve created that simulates an iPhone but lets them reset the chip’s password counter to zero after every ten attempts.

“It all depends on how fast you would be able to pull the data off, make that copy, do your 10 attempts,” Cobb said.

Drivesavers hasn’t yet defeated Apple’s password protection, but over the past 30 years, they have retrieved information from computers that have been burned, broken and deliberately smashed.

While law enforcement comes looking for evidence, many of Drivesavers’ clients are family members trying to recover the messages and photographs of a loved one who has died — leaving behind their phone, but not their password.

Read more: http://www.cbsnews.com/news/fbi-paid-more-than-1-million-for-san-bernardino-iphone-hack-james-comey/

Proposed Encryption Legislation and What it Means

By Scott Moyer, DriveSavers President

Unless you are just this moment rejoining society after months spent stranded on a technology-free desert island, you are well aware of the recent controversial disagreement between the FBI and Apple involving an iPhone 5C that once belonged to San Bernardino shooter, Syed Rizwan Farook.

Amidst this highly publicized dispute, Sen. Richard Burr, R-N.C., and Sen. Dianne Feinstein, D-CA., have begun preparing a bill to be proposed to the U.S. Senate. If passed, the law will be titled the “Compliance with Court Orders Act of 2016.”

We’ve read through a draft of the bill in circulation in order to determine how it may affect DriveSavers. Here’s our take.

What the Bill Proposes

If passed, this Act would require that all original manufacturers of hardware (devices) and software (programs) recover readable data from any device when served a court order to do so. It also requires that this be completed in “a timely manner.”

The bill does not require that manufacturers provide the government or any government entity with the tools or knowledge used to access encrypted devices or software, just that encrypted data be rendered unencrypted and readable in a timely fashion whenever a court order is served. As we understand this bill, any methods could remain secret and proprietary to the manufacturers themselves.

Reading Between the Lines

Current encryption technology has been developed so that only the owner of a device has access to that device. Just like a construction company does not have keys to each building it has built, not even a manufacturer can pick up an encrypted laptop or smartphone and just open it up without the owner of the device providing the key. And just like with a building, the owner can change that key and lock any time.

If a construction company wanted to maintain a way into a building even after it has been sold, the company would need to build a secret door that even the owner of the building does not know the location of. Otherwise, the new owner of the building could simply change the lock and the construction company would not be able to get in. The issue of manufacturers accessing encrypted devices after sale is similar.

At DriveSavers, we believe there is theoretically a way into any device, regardless of the quality of the encryption technology. However, the way into most encrypted devices has not yet been discovered, even by the companies that created them. If the way in is not already known, it could take years of research and development to figure it out, and years longer to actually complete implementation and then access the decrypted data.

Requiring that manufacturers access data from a device quickly any time a court order is served means that, like a construction company that wants to be able to freely enter buildings after they have been sold, manufacturers must begin building secret ways into their encrypted devices and software. Secret decryption paths, known as “backdoors”, would then allow them timely entry to devices whenever court orders are served.

As stated above, the bill does not require that manufacturers provide the government or any government entity with the tools or knowledge to use any backdoor built into encrypted devices or software, just that encrypted data be rendered unencrypted and readable in a timely fashion whenever a court order is served. As we understand this bill, any backdoor could remain secret and proprietary to the manufacturers.

It is important to note that the mere existence of a backdoor, whether the details are public or not, increases the likelihood that non-manufacturers could discover this method of accessing an encrypted device through standard research and development. It is also important to note that each new release of a device, software or operating system could theoretically carry with it a different backdoor from the previous, making it more difficult—but not impossible—for an outside party to decipher the way into such a device.

What About Currently Existing Devices and Software?

Will manufacturers be required to develop backdoor solutions for devices already in the market? Or only for those not yet available to the public? This is just one question that this proposed bill raises.

We do not know if all currently existing encryption technologies can have backdoors programmed into them. True, software encryption could theoretically be changed through a software update; however, what about hardware encryption? For example, hard drives currently exist that require separate physical components be brought together (referred to as a “handshake”) in order to decrypt the data they hold. Can a backdoor be built to enter these super secure devices? If not, will manufacturers be held accountable anyway?

We speculate that firmware could theoretically be updated to accept a different handshake, but we don’t know for certain that this is true or how the firmware could be injected into a locked device.

How Data Recovery and Digital Forensic Firms may be Affected

Third parties would not likely be directly served this type of court order. Instead, data recovery and digital forensic companies may only be approached in cases where there is physical damage to a device that a manufacturer does not have the tools to bypass. In such instances, a third-party data recovery or digital forensic firm would likely be hired to pull a complete image from the device, still encrypted. This encrypted image would then be provided back to the manufacturer to unlock using their built-in backdoor.

There are a couple of ways this bill may affect those of us with robust research and development teams, such as DriveSavers. If a backdoor is built into a device or software, we can potentially discover and open it, allowing us greater opportunities for data recovery in the unfortunately common situation where a family is trying to access a deceased loved one’s device. This bill would also present greater opportunity for companies like DriveSavers to help law enforcement in identifying and prosecuting criminals.

Of course, if there’s something we can figure out, there are likely others out there with the potential to also figure it out—sometimes, people who we wish wouldn’t. As with everything, there’s a good side and a bad side to this bill. We’ll just have to wait and see where it leads.

HR.BLR.com: eDiscovery 101 for Human Resources

Originally published by HR.BLR.com.

By Rene Novoa, senior manager of eDiscovery and Digital Forensics

In today’s digital world, it’s increasingly common for businesses to go “paperless.” Oftentimes, the conversion to digital includes documentation prepared and maintained by human resource (HR) departments. These documents could include everything from handbooks and company policies to employee reviews and payroll documentation.

Choosing to keep important files and documents stored in computers, rather than file cabinets, has many benefits, including search-friendliness and storage efficiency. Electronically gated and stored files also include metadata that keeps track of when, how, and by whom the files were created, modified, viewed, transmitted, and deleted—potentially useful information that is unavailable in paper form.

Although going paperless with company data has many benefits, these benefits also present new challenges when it comes to data organization and preservation, especially in the event of an HR-related lawsuit.

In the event that a possible HR-related lawsuit is on the horizon, HR is often responsible for preserving and providing all relevant company data from each of the devices where that data may live. The preservation of digital communications, including internal e-mail and social media posts, can also create large volumes of data that may be important in employee-related litigation.

This is where eDiscovery comes in.

What is eDiscovery?

eDiscovery, or electronic discovery, is the process of sifting through a large amount of data and finding any pieces that may be relevant to a specific legal action or dispute. This process is called upon when electronically stored information (ESI) must be provided for use in litigation, a lawsuit, or an investigation, such as the alleged unlawful firing of an employee. eDiscovery may also be used to find data related to suspected employee misconduct.

Some of the possible HR-related scenarios or allegations that would require eDiscovery include:

  • Employee misconduct
  • Employer misconduct
  • Employment discrimination
  • Worker safety and OSHA compliance
  • Employee privacy
  • Negligent hiring
  • Negligent retention
  • Harassment
  • Retaliation
  • Union relations
  • Copyright infringement
  • Theft of company property, physical or intellectual
  • Defamation (of an employee or of the company)

When pending or actual litigation arises, it is important for the HR department, as the primary caretaker of ESI, to understand how and where the data is stored. The goal is to allow the company to identify and access relevant data as fast and efficiently as possible. This process is most effective when the HR and IT departments work together with in-house and/or outside legal counsel and an eDiscovery service.

Preparing for eDiscovery

eDiscovery doesn’t have to be scary. Some simple proactive measures, known as information governance (IG), can make the eDiscovery process both more streamlined and effective, should the need arise.

Work with your IT department to put the following IG policies into place:

1. Develop an ESI lifecycle plan

Learn and keep track of how long your company is legally required to maintain specific files. Use that information to develop a plan for storing ESI that must be retained and for destruction of data once its retention period has ended.

2. Use current storage technology

Oftentimes, technology moves forward more quickly than your files. Be sure to always keep all data on current devices. You do not want important data to get trapped on obsolete technology, such as floppy disks.

3. Be organized

Making sure that file names and folder names are clear and easy to understand ensures that the correct ESI can be located quickly when needed. It helps to decide on a naming convention and stick to it.

Anybody tasked with searching your company’s ESI should be able to answer the following questions:

  • Who has access to this file?
  • What is this information?
  • Where is this information stored?
  • When was this file created or last modified?
  • Why is this information being retained?
  • How is this data being stored/protected?

4. Security

Maintain proper cybersecurity that conforms to government or industry regulations. Install appropriate firewalls, password protection, encryption, and other measures as detailed in published industry regulations and as recommended by your company IT or chief security officer (CSO).

5. Back it up

The court is not kind to those who have lost relevant data due to hard drive crash and ineffective backup. Maintain and regularly test effective data backup measures. Loss of relevant data due to a hard drive crash and ineffective backup has been cause for spoliation fines.

6. Educate

Make sure any person who has access to data that must be maintained for legal or regulatory purposes has full understanding of company IG policies as they relate to the data that person wishes to access. For example, a manager must be aware of IG policies as they relate to employee reviews. A payroll clerk must be aware of IG policies as they relate to final paychecks.

Keep these policies in mind. When it comes to eDiscovery, the best advice we have for HR professionals is to be prepared. Consider identifying an eDiscovery partner and legal counsel and retaining these partners before the need arises. Your eDiscovery partner, along with your company’s IT department, can help to develop a plan and workflow for each possible situation. Arming yourself with a basic understanding of eDiscovery and a plan should allow everything to go smoothly.

Rene Novoa is a certified forensic investigator and manager of eDiscovery and digital forensics at DriveSavers. Since joining DriveSavers in 2001, Novoa has performed data recovery on thousands of storage devices plagued with mechanical failures, physical damage and logical corruption. Over the past 5 years, he has focused his efforts on developing proprietary forensic processes for failed devices. His understanding of emerging technologies helps solve new forensic challenges. Rene manages high-level client relationships and is the Vice President of the North Bay HTCIA chapter.

Read more: http://hr.blr.com/HR-news/HR-Administration/Employee-Privacy/eDiscovery-101-Human-Resources/

New Advancements in Bitlocker Data Recovery Capabilities

With new tools and techniques developed by DriveSavers, we help security-conscious companies using Bitlocker encryption to regain access to their data and get back to business quickly.

DriveSavers has been recovering data from Bitlocker encrypted drives since its inception in 2004. However, new proprietary advancements now allow DriveSavers to overcome additional obstacles and recover data even in cases of corrupt or damaged encrypted volumes.

Locked out of Bitlocker? We can save it!

Learn more about DriveSavers business disaster recovery.

Learn more about DriveSavers High Security Service.

CBS Evening News: How the FBI may have Hacked into San Bernardino Shooter's iPhone

Originally published by CBS Evening News.
By John Blackstone

 

NOVATO, Calif. – The FBI, along with some outside help, unlocked an iPhone used by one of the San Bernardino terrorists this week.
The bureau has told local police departments that it will help them unlock cellphones in cases where it could provide evidence.

But cracking the code is easier said than done.

When the FBI launched its search for a way to unlock Syed Farook’s iPhone 5c, the technicians at a California company called Drivesavers were among those who took up the challenge. They have plenty of experience rescuing broken iPhones.

“You know, we see anywhere from a 100 to 300 iPhones a month right now,” Michael Cobb, Drivesavers’ director of engineering, told CBS News.

Cobb said his team can remove the chip that holds a phone’s encrypted data — but they can’t just read what is on it.

“The encryption is not simple to retrieve,” he said.

A company the FBI has not identified found a way around Apple’s encryption. The effort at Drivesavers shows what they had to overcome. Try the wrong password too many times and the phone wipes its memory clean.

“In the case of the 5c, you only have 10 attempts before the iPhone gets erased,” Cobb explained.

To make sure the chip doesn’t get erased, they copy it. Then put it in a device they’ve created that simulates an iPhone but lets them reset the chip’s password counter to zero after every ten attempts.

“It all depends on how fast you would be able to pull the data off, make that copy, do your 10 attempts,” Cobb said.

Drivesavers hasn’t yet defeated Apple’s password protection but over the past 30 years, they have retrieved information from computers that have been burned, broken and deliberately smashed.

While law enforcement comes looking for evidence, many of Drivesavers’ clients are family members trying to recover the messages and photographs of a loved one who has died — leaving behind their phone, but not their password.

© 2016 CBS Interactive Inc. All Rights Reserved.

Read more: http://www.cbsnews.com/news/how-the-fbi-may-have-hacked-into-san-bernardino-shooters-iphone/

The Wall Street Journal: Apple Fight Sets Off Race Among Hackers

Original article published by The Wall Street Journal.

By Robert McMillan

Companies, freelance hackers are working furiously to find a way into terrorist’s iPhone

In the days after a judge ordered Apple Inc. to help the Federal Bureau of Investigation unlock a terrorist’s iPhone, Silicon Valley giants rallied around the company. In New York, a 21-person security consultancy called Trail of Bits Inc. did something else: It tried to break into the device.

Trail of Bits is among the companies and freelance hackers who have been working furiously to find a way into the iPhone 5C used by Syed Rizwan Farook, who along with his wife killed 14 people in a Dec. 2 San Bernardino, Calif., attack.

They occupy a murky world of independent phone-hacking consultants, forensics-equipment vendors and large government contractors who specialize in the technical and often classified work that helps agencies circumvent the computer-security protections developed by companies such as Apple.

On Wednesday, Israeli newspaper Yedioth Ahronoth said Israeli forensic company Cellebrite Mobile Synchronization Ltd. was helping the FBI unlock Mr. Farook’s phone. Cellebrite, a unit of Japan’s Sun Corp., makes devices that let law enforcement extract data from mobile phones.

The disclosure came two days after U.S. District Magistrate Judge Sheri Pym suspended her order for Apple to help unlock Mr. Farook’s phone, as the Justice Department evaluated what it said was a new technique that it learned about Sunday.

On its website, Cellebrite says it can retrieve data from an iPhone running iOS 8, an older version of the operating system that doesn’t include the encryption protections of iOS 9 that have befuddled the FBI with Mr. Farook’s phone.

Cellebrite has signed at least three contracts with the FBI that describe unlocking an iPhone or iPad, according to federal procurement records. One of those contracts, for $4,500, was dated Dec. 7, five days after the San Bernardino attack.

Cellebrite and the FBI declined to comment.

The company has a manufacturing facility and research operations in Israel, where it employs hundreds. It has marketing operations in the U.S., Singapore, Germany and Brazil.

For anyone who can extract data from the phone, the payoff could include a marketing bonanza, and contracts with law-enforcement agencies. “It’s something the company would become infamous for,” said Dan Guido, chief executive of Trail of Bits, which sells software and services to help companies secure their technology products. “And that kind of marketing, you just can’t buy.”

The allure of solving a problem described by the nation’s top law-enforcement agency as unsolvable motivates Mr. Guido and others. “As any hacker would attest, when someone describes a challenge as impossible, you’re motivated to prove them wrong,” he said.

Cellebrite is a large player in the digital-forensics market, while Trail of Bits focuses on research and development. “There are probably about 100 to 150 firms who are capable of doing this,” said Alex Kreilein, managing partner and chief technology officer with SecureSet LLC, a cybersecurity firm that helps startups.

Forensics and data-recovery firms have built businesses on their ability to retrieve data that appears to be unreadable. In recent years Apple has forced them to step up their game. When it introduced iOS 8 in 2014, Apple said it would no longer have the ability to decrypt data stored on the phone. The newer iOS 9 and hardware upgrades to the iPhone itself make Apple’s devices even more secure.

Mr. Guido believes that his company could gain access to the data on Mr. Farook’s phone in one to three months.

At DriveSavers Inc., another company looking for a way into the phone, director of engineering Mike Cobb says his team, too, is approaching a solution.

Both Trail of Bits and DriveSavers describe their efforts as independent of the FBI.

They may have more time to do their research. On a Monday telephone conference call with Apple and the judge in the San Bernardino case, the Justice Department said that while it was investigating a new iPhone cracking technique, it wasn’t yet certain that this technique would work.

“There have been a lot of people who have reached out to us during this litigation with proposed alternate methods, and one by one they have failed for one reason or the other,” said Justice Department attorney Tracy Wilkinson, according to a transcript of the call.

—Orr Hirschauge and Kate O’Keeffe contributed to this article.

Read more: http://www.wsj.com/articles/apple-fight-sets-off-race-among-hackers-1458776914

Re/code: How the FBI Might Be Hacking the San Bernardino iPhone Without Apple’s Help

Originally published by Re/code.

By Dawn Chmielewski

Nature deplores a vacuum. So in the absence of any details about how the FBI plans to access the information locked on Syed Rizwan Farook’s iPhone without Apple’s help, forensic scientists have been filling the void with some well-informed speculation.

Forensic scientist Jonathan Zdziarski (who’s known in the hacking community as NerveGas) has suggested one theory that others in the cyber security community agree holds promise. It’s a technique called NAND mirroring — and it involves making backup copies of the phone’s memory, so the information could be quickly restored if the device slows down or attempts to wipe the data after five or 10 failed password attempts.

This sort of technique would clear the way for the kind of “brute force” attack the FBI has described in court papers, in which investigators would make thousands of guesses at a password without risking the loss of evidence.

“Think of this as a game save, like Super Mario Brothers. You want to play the same level, so you keep killing Mario to restore the game state,” Zdziarski said in an interview with Re/code.

In a blog post, he explained how it would work: The NAND chip would be removed from the device and placed in a chip reader to copy the contents of the memory. The original chip would be reattached to the phone with a harness. After 10 failed password attempts, the memory could be restored using the backup file, eliminating the risk that the data would be lost to the iPhone’s auto-erase security feature.

“This seems like a promising approach,” said Matthew Green, a noted cryptographer and assistant professor at the Johns Hopkins Information Security Institute. “The main barrier is just the ability to de-solder the Flash memory chips without damaging them, and install a device in between the phone and the chips. This isn’t easy, since the solder joints are delicate, but it doesn’t require breaking any encryption.”

Zdziarski theorizes that the mysterious “outside party” that offered the FBI a last-minute assist is an external forensic company that may be using older gear from a past version of the operating system (iOS 8). The fact that U.S. law enforcement asked for just two weeks to evaluate the technique suggests it already exists — and may indeed have already been demonstrated in a field test.

Given the timing of the offer — Sunday, days before a scheduled hearing on whether Apple could be forced to help the government hack the iPhone — Zdziarski suspects the firm is based in Europe (or, in light of a report today, Israel), where the business week would have already begun.

One U.S. data recovery firm, DriveSavers, is testing the theory. Engineering director Mike Cobb said his firm has already removed the NAND chip from an iPhone 5c — delicate work, because it’s attached by epoxy — and plans to mirror the data, reattach the chip and attempt to crack the password.

“All these things seem very doable,” said Cobb, whose company has been recovering family photos and other data from smartphones, hard drives and thumb drives for years.

But this technique has limited application — the approach wouldn’t work on newer iPhones with more rigorous security, such as the Secure Enclave.

An FBI spokesperson was not immediately available for comment.

Read more: http://recode.net/2016/03/23/fbi-hack-san-bernardino-iphone-apple/

Ars Technica: Israeli Mobile Forensics Firm Helping FBI Unlock Seized iPhone, Report Says

Originally published by Ars Technica.

by David Kravets

News comes after FBI withdrew demands for Apple to help unlock seized iPhone.

Screenshot from Cellebrite home page.

The mobile forensics firm Cellebrite of Israel is reportedly assisting the Federal Bureau of Investigation in unlocking a seized iPhone that has become the center of a legal dispute between the bureau and Apple, the Israeli paper Yedioth Ahronoth reported Wednesday.

The revelation comes two days after the US government tentatively withdrew its demands that Apple write code and assist the authorities to unlock a seized iPhone used by one of the San Bernardino County shooters. The FBI told a federal judge Monday that an “outside party demonstrated to the FBI a possible method for unlocking (Syed) Farook’s iPhone.” A federal magistrate then tentatively stayed her order demanding that Apple assist the authorities in unlocking the phone.

That same day, according to public records, the FBI committed to a $15,278 “action obligation” with Cellebrite. An “action obligation” is the lowest amount the government has agreed to pay. No other details of the contract were available, and the Justice Department declined comment. Cellebrite, however, has reportedly assisted US authorities in accessing an iPhone.

For now, US-based security experts believe that Cellebrite does have the wherewithal to perform the task.

“I’m really not at liberty to confirm the third party, but based on the techniques I’ve described in my blog on the subject, I think Cellebrite, as well as many large forensics firms like it, have the capability to perform such tasks,” forensic scientist Jonathan Zdziarski told Ars in an e-mail. “DriveSavers, for example, has released statements yesterday suggesting they’re almost there. I think the techniques are pretty straight forward for firms like these now that the tech community has had a chance to comment.”

Yedioth Ahronoth did not name its sources. Cellebrite, founded in 1999, is a subsidiary of Sun Corp. of Japan. The company did not immediately return messages seeking comment.

Read more: http://arstechnica.com/tech-policy/2016/03/israeli-mobile-forensics-firm-helping-fbi-unlock-seized-iphone-report-says/