The FBI abruptly halted its heated case against Apple on Monday, citing a new break-in method from an unnamed "outside source." In the days since, the security industry has been puzzling over the identity of that mysterious source. But now, the mask is being lifted. Cellebrite, an Israeli mobile forensic software company, is reportedly helping the FBI get into Syed Farook’s device, according to reports from Reuters and Ynet.
The FBI "has been reportedly using the services of the Israeli-based company Cellebrite in its effort to break the protection on a terrorist's locked iPhone, according to experts in the field familiar with the case," Ynet reports. The Verge reached out to Cellebrite yesterday afternoon for comment and hasn’t yet heard back.
The company has a sole-source contract with the FBI
If true, Cellebrite’s role in helping the FBI wouldn’t come as a shock. The company has a sole-source contract with the FBI that it signed in 2013 specifically to help with mobile forensics and data extraction, exactly the task presented by the San Bernardino case. Some also speculated the late-night hack discovery, which came in Sunday evening, was most likely reported by a company in a European or Mediterranean time zone.
In its notice of intent to sole source, the FBI wrote: "Market research efforts have indicated that the Cellebrite UFED System is the only hand-held, cellular exploitation device worldwide that requires no PC or associated phone drivers." It continued that the company supports "all major technologies (DMA, CDMA,GSM, IDEN) including smartphone operating systems and PDAs (Apple iPhone, Blackberry, Google Android, Microsoft Mobile, Palm, and Symbian) for over 95 percent of all handset models worldwide."
Cellebrite's UFED System supports all major technologies
Though Ynet didn’t go into detail about how Cellebrite is working around the iPhone’s built-in security measures, experts speculate the attack is based on a NAND mirroring technique, which involves essentially copying the flash memory of the device so it can be restored after a lockscreen wipe. US Representative Darrel Issa directly asked FBI Director James Comey about the possibility of using this technique during a House Judiciary hearing last month. The bureau is now well aware of its existence, and there’s no reason to believe it won’t work on the iPhone 5C in question. Notably, this method will run into problems on phones with a Secure Enclave, ruling out any phones beyond the 5S.