FBI Can Keep Details of iPhone Hack Secret, Rules Judge

The FBI doesn't have to identify the company it contracted to unlock an iPhone used by one of the shooters in the 2015 California terror attack that killed 14 people, a federal judge ruled on Saturday (via Politico).

Three news organizations – USA Today, Associated Press, and Vice Mediasued the FBI last year under the Freedom of Information Act (FOIA) to try to force the agency to reveal the name of the company and the amount it was paid to unlock the device.

In the original complaint, the news organizations argued that the public had a right to know how the government spent taxpayer funds in the case. They also claimed the existence of a flaw in the iPhone could be a danger to the public. However, U.S. District Judge Tanya Chutkan ruled this weekend that the information is exempt from mandatory disclosure under the government transparency law.
In her ruling, released Saturday night, Chutkan said the identity of the firm that managed to unlock the iPhone and the price it was paid to do so are classified national security secrets and constitute intelligence sources or methods that can also be withheld on that basis. She also ruled that the amount paid for the hack reflects a confidential law enforcement technique or procedure that is exempt from disclosure under FOIA.
A battle between Apple and the FBI began in early 2016 when Apple refused to help the government unlock shooter Syed Farook's iPhone 5c under the belief that it could set a bad precedent for security and privacy. The FBI didn't know what was on the device at the time, but believed that any information gathered could potentially help move the case of the San Bernardino attack forward in meaningful ways.

To break into Farook's iPhone 5c, the FBI later employed the help of "professional hackers" and reportedly paid upwards of $1.3 million for a tool exploiting a security vulnerability, a figure arrived at based on comments made by then-FBI director James Comey. The agency said it was not able to share with Apple the hacking methods used because it did not own the rights to the relevant technical details regarding the purchased technique.

The FBI has said the method used to break into the iPhone 5c does not work on the iPhone 5s and later, but it can be used to access iPhone 5c devices running iOS 9. It later revealed after the hack that nothing on the phone relevant to the investigation was found.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tag: Apple-FBI

Discuss this article in our forums

Senator Reveals FBI Paid $900K for Hacking Tool Used to Open San Bernardino Shooter’s iPhone

A year after the public disagreement between Apple and the FBI, which centered on the passcode-locked iPhone 5c of the San Bernardino terrorist, one of the major questions remains how much the United States government and the FBI paid for the tool it used to crack open the iPhone. That question became so focused upon that a trio of news organizations filed a lawsuit to find out the exact amount that the tool cost the FBI.

Speculation in the midst of the Apple-FBI drama placed the price of the tool at upwards of $1.3 million, and then somewhere below $1 million. A recent statement by senator Dianne Feinstein appears to confirm the latter estimation, with Feinstein revealing that the U.S. government paid $900,000 to break into the locked iPhone 5c. The classified information came up during a Senate Judiciary Committee oversight hearing, where Feinstein was questioning FBI director James Comey (via The Associated Press).

Senators Charles Grassley and Dianne Feinstein
"I was so struck when San Bernardino happened and you made overtures to allow that device to be opened, and then the FBI had to spend $900,000 to hack it open," said Feinstein, D-Calif. "And as I subsequently learned of some of the reason for it, there were good reasons to get into that device."
In the ongoing lawsuit filed by the Associated Press, Vice Media, and Gannett, the organizations cite the Freedom of Information Act: "Release of this information goes to the very heart of the Freedom of Information Act's purpose, allowing the public to assess government activity - here, the decision to pay public funds to an outside entity in possession of a tool that can compromise the digital security of millions of Americans." The FBI has repeatedly argued that the number should stay classified.

Despite the ongoing legal battles that the Apple-FBI event sparked, last year the FBI reported that it found "nothing of real significance" after it had gained access to the iPhone 5c, providing answers to some questions about the terrorist attack but generating no solid leads. In regards to the third party who was paid the $900,000 for the hacking tool, it's been widely reported that Israeli firm Cellebrite was the FBI's source, but a more informal group of professional hackers has also been suggested.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tags: FBI, Apple-FBI

Discuss this article in our forums

Cellebrite Says it Now Supports ‘Lawful Unlocking’ of iPhone 6 and Older Models

Cellebrite director of forensic research Shahar Tal recently tweeted out that the company's Advanced Investigative Service can now unlock and extract the full file system for the iPhone 6 and iPhone 6 Plus (via CyberScoop). To date, CAIS "supports lawful unlocking and evidence extraction" from the following iPhone generations: 4s, 5, 5c, 5s, 6, and 6 Plus. No mention has been made whether or not the developer has attempted to unlock newer-generation iPhones, including the iPhone 6s, 6s Plus, 7, or 7 Plus.


The company reportedly charges $1,500 to unlock an individual phone and $250,000 for a yearly subscription to the data extracting service. In addition to the basic system and user data it can get, the hack also targets various apps within the iPhone, including personal data stored in Uber, Facebook, Chrome, and some dating apps.

At the same time this week, Cellebrite announced the next generation of its "Content Transfer" tool, which will allow retailers and operators to fully duplicate a customer's existing iPhone onto a brand new iPhone at an average content transfer speed of 1GB per minute. The developer said this should reduce wait times in stores while also pleasing anxious customers worried about losing data when upgrading to a new iPhone generation.

Cellebrite said the most important settings get transferred in the process, including wallpaper, alarm settings, weather, photos, videos, contacts, and apps. Not included are account passwords, Wi-Fi settings, health data, and website history. The company plans to hold a demonstration of the Full Transfer service for iPhones at Mobile World Congress in Barcelona, which runs next week from February 27 – March 2.
“With content transfer speeds averaging 1 GB per minute, this new service is a complete game changer.” said Yehuda Holtzman, CEO of Cellebrite Mobile Lifecycle. “With Full Transfer, the average iPhone customer with 10GB of personal data can walk out of the store with a mirror-image of their old iPhone in just 10 minutes, offering customer experience that’s far superior to anything else available today.”
Although the developer has been most recognizably in the public eye for its relation to the Apple-FBI drama and its smartphone-cracking expertise, Cellebrite also offers a collection of services for retailers and businesses. Cellebrite Touch2 and Cellebrite Desktop power in-store smartphones and desktop computers, respectively, with software that the company claims offers flexibility by operating through a store's existing IT infrastructure to "deliver a fast, consistent service."


Earlier in February, Cellebrite found itself at the hands of a hacker when someone stole and publicly released a cache of Cellebrite's most sensitive data, including tools it uses to get into older iPhones. The hacker shared the data on Pastebin, intending to highlight the importance of the inevitability that any brute force tools aimed at bypassing encryption software "will make it out" into the public -- a prime fear of Apple CEO Tim Cook when the FBI originally demanded the company create a backdoor into the San Bernardino shooter's iPhone 5c last year.


Discuss this article in our forums

News Organizations Refocus FBI Lawsuit to Question Cost of San Bernardino iPhone Hack Tool

A trio of news organizations -- consisting of the Associated Press, Vice Media, and Gannett -- have petitioned a judge in the United States to force the FBI to reveal the exact amount of money it paid for the technology used to crack open an iPhone used by San Bernardino shooter Syed Farook (via BBC).

The same group of news organizations sued the FBI last September to gain more information about how exactly the FBI entered the iPhone, what "outside party" helped with the process, and how much the government paid for it. The new filing appears to tone down that original lawsuit with a focus on the amount spent on the hack tool, and not how it works or who exactly provided it.


Although the FBI never confirmed the rumors, it was widely reported that Israeli mobile software developer Cellebrite was hired to get into Farook's iPhone 5c. A price for the developer's services has only ever been speculated upon.

According to the court filing acquired by the BBC, the three news organizations claim that there is "no adequate justification" for the FBI to continue to withhold the information related to the cost of opening the iPhone. The information they ask for is also specified as not a risk to national security if it does become public, as they simply want "to learn more about the circumstances surrounding the event."
"While it is undisputed that the vendor developed the iPhone access tool, the government has identified no rational reason why knowing the vendor's identity is linked in any way to the substance of the tool, much less how such knowledge would reveal any information about the tool's application," lawyers for the news organisations wrote in the filing to the US District Court in Washington.

"Release of this information goes to the very heart of the Freedom of Information Act's purpose, allowing the public to assess government activity - here, the decision to pay public funds to an outside entity in possession of a tool that can compromise the digital security of millions of Americans."
Back in the midst of the story's development, the identity of the contractors for the iPhone hack was said to be a closely held secret within the FBI, with FBI director James Comey even in the dark as to who exactly was hired to break into the iPhone. While many reports referenced Cellebrite, another suggested it was instead done with the help of "professional hackers," consisting of a "gray hat" researcher who sells flaws to governments, black market groups, or companies that create surveillance tools.

Even though the case is still one of interest among both parties, towards the end of the drama last year the FBI claimed that it found "nothing of real significance" in Farook's iPhone, stating that it answered a few questions about the San Bernardino shooting but provided no new leads.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Tag: Apple-FBI

Discuss this article in our forums

Hacker Leaks Cellebrite’s iOS Bypassing Tools, Tells FBI ‘Be Careful What You Wish For’

It's been nearly a year since a U.S. federal judge originally ordered Apple to help the FBI hack into an iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino. As we learned in the months after the initial court order -- which Apple continually opposed -- the FBI enlisted the help of Israeli mobile software developer Cellebrite to open up the iPhone 5c in question.

Now a hacker has reportedly stolen and publicly released a cache of Cellebrite's most sensitive data, including its tools used to hack into older iPhones, as well as Android and BlackBerry smartphones (via Motherboard). Techniques that the firm uses to open "newer iPhones" were not included in the public posting, but it's also not clear exactly which models of iPhone are considered "older." Farook's iPhone 5c, which launched in 2013, is likely in that category.


Apple's main stance against the court order last year was its fear that creating such an operating system that bypassed the iPhone's basic security features -- essentially creating a "master key" for all iOS devices -- would set a "dangerous precedent" for the future of encryption and security. The bypass could also potentially make its way into the public and affect hundreds of millions of Apple customers, with Apple CEO Tim Cook claiming that the software the FBI wanted to use to force open Farook's iPhone was "the equivalent of cancer."

As pointed out by Motherboard, the newly leaked tools "demonstrate that those worries were justified." According to the hacker in question who shared Cellebrite's tools on Pastebin, the purpose behind the leak was to highlight the importance of the inevitability that any brute force tools aimed at bypassing encryption software "will make it out" into the public.
"The debate around backdoors is not going to go away, rather, its is almost certainly going to get more intense as we lurch toward a more authoritarian society," the hacker told Motherboard in an online chat.

"It's important to demonstrate that when you create these tools, they will make it out. History should make that clear," they continued.
Back in January the same hacker stole 900GB of sensitive Cellebrite data, but according to a Cellebrite spokesperson, only its customers' "basic contact information" had been put at risk. Delving into the cache of information, it was proven that the breach had uncovered much more detailed "customer information, databases, and a vast amount of technical data regarding Cellebrite's products."

In a README file posted alongside the more recent data dump on Pastebin, the hacker in question left a message directly addressing the FBI: "@FBI Be careful in what you wish for."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums

Hacker Leaks Cellebrite’s iOS Bypassing Tools, Tells FBI ‘Be Careful What You Wish For’

It's been nearly a year since a U.S. federal judge originally ordered Apple to help the FBI hack into an iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino. As we learned in the months after the initial court order -- which Apple continually opposed -- the FBI enlisted the help of Israeli mobile software developer Cellebrite to open up the iPhone 5c in question.

Now a hacker has reportedly stolen and publicly released a cache of Cellebrite's most sensitive data, including its tools used to hack into older iPhones, as well as Android and BlackBerry smartphones (via Motherboard). Techniques that the firm uses to open "newer iPhones" were not included in the public posting, but it's also not clear exactly which models of iPhone are considered "older." Farook's iPhone 5c, which launched in 2013, is likely in that category.


Apple's main stance against the court order last year was its fear that creating such an operating system that bypassed the iPhone's basic security features -- essentially creating a "master key" for all iOS devices -- would set a "dangerous precedent" for the future of encryption and security. The bypass could also potentially make its way into the public and affect hundreds of millions of Apple customers, with Apple CEO Tim Cook claiming that the software the FBI wanted to use to force open Farook's iPhone was "the equivalent of cancer."

As pointed out by Motherboard, the newly leaked tools "demonstrate that those worries were justified." According to the hacker in question who shared Cellebrite's tools on Pastebin, the purpose behind the leak was to highlight the importance of the inevitability that any brute force tools aimed at bypassing encryption software "will make it out" into the public.
"The debate around backdoors is not going to go away, rather, its is almost certainly going to get more intense as we lurch toward a more authoritarian society," the hacker told Motherboard in an online chat.

"It's important to demonstrate that when you create these tools, they will make it out. History should make that clear," they continued.
Back in January the same hacker stole 900GB of sensitive Cellebrite data, but according to a Cellebrite spokesperson, only its customers' "basic contact information" had been put at risk. Delving into the cache of information, it was proven that the breach had uncovered much more detailed "customer information, databases, and a vast amount of technical data regarding Cellebrite's products."

In a README file posted alongside the more recent data dump on Pastebin, the hacker in question left a message directly addressing the FBI: "@FBI Be careful in what you wish for."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.


Discuss this article in our forums