Thursday, March 31, 2016

Israeli Firm Has Helped The FBI Hack The San Bernardino Terrorist's iPhone



The Hill: Israeli firm helped FBI hack iPhone

The Israeli mobile forensics firm Cellebrite helped the FBI hack into the iPhone of San Bernardino shooter Syed Rizwan Farook, NBC reports, citing industry sources.

The firm has been rumored to be behind the FBI’s newfound ability to access the device, thanks to a previous and unconfirmed report from an Israeli newspaper.
Neither Cellebrite nor the Department of Justice has confirmed the reports.

The FBI has routinely contracted Cellebrite over the last five years. The company, which publicly boasts of its ability to hack into Apple devices, has received over $2 million in purchase orders from the agency since 2012.

Read more ....

WNU Editor: So much for Apple's messaging that breaking the encryption of its iPhones would be difficult.

2 comments:

Jay Farquharson said...

From this open source research, several forensic tools were developed that combined (1) the boot ROM code signing defeat, and (2) brute-force passcode guessing. Examples include the Cellebrite UFED tool and an FBI-developed tool. Both the Cellebrite13 and FBI tools utilize the boot ROM exploit, allowing iPhone 3GS and iPhone 4 devices to load and boot an unsigned RAMdisk containing code to brute force the device passcode. The passcode recovery process operated from RAM, and did not alter the system or user data area
[snip]
Apple addressed the bug, and subsequently a jailbreak (i.e., allowing code unsigned by Apple) could only occur on an iPhone after it had been booted and unlocked.

https://www.emptywheel.net

Anonymous said...

There is a current thinking that 256 bit encryption should be unbreakable, this is however a flawed belief that unauthorised decryption always adresse the algorith Applied. However encryption is performed on and by the hardware and the hardware might expose the encryption algorithm, so while a 256bit encryption will take extreme amount of time to break with a Classic bruteforce attack, other weaknesses might be exploited with side-channel attacks by modern forensic decryptionist and codebreakers. This however requires physical acces to the encrypted piece of information. Anyway Google "side-channel attack" for more information.

So while FBI gained acces to the phone, they are unlikely to gain acces your phone by solely a remote attack, atleast aslong as they have found any other exploit.