“No device is bulletproof."
An executive at the Israeli tech firm Cellebrite said that two years ago after the company's cellular data recovery systems helped exonerate a suspect in a Tel Aviv murder case.
Now the company with deep ties to the Israeli military’s vaunted cyberespionage unit 8200 is in the spotlight again. This time the case has international significance because it involves the iPhone used by the San Bernardino, Calif., shooter Syed Rizwan Farook that's led to a months-long legal battle between the FBI and Apple.
After putting intense legal pressure on Apple to help federal investigators unlock the iPhone, the FBI said earlier this week that it was working with an anonymous "third party" to gain access to the device. According to an unconfirmed report in the Israeli daily Yediot Ahronoth on Wednesday, the company is Cellebrite, a wholly owned subsidiary of Japan’s Sun Corp. An employee at Cellebrite, which is based in the Tel Aviv suburb of Petach Tikvah, didn’t respond to repeated requests for comment.
The FBI has also refused to identify the company it's working with in the case. Speaking to reporters Thursday, FBI Director James Comey said that over the weekend an "individual" approached the agency about a possible solution. "It looks like it may work out. We are optimistic," he said.
A successful hack of the iPhone via Cellebrite or another third party would seemingly avoid litigation between the Justice Department and Apple, the world’s leading technology company, and cool off a growing debate over encryption that has erupted between the tech community and US government officials.
Cellebrite certainly has the profile of a company that could be working with the US investigators on the iPhone hack. It appears to have signed a contract with the FBI on Monday for $15,000 to perform "software renewals for seven machines."
The 17-year old company initially focused on transferring personal contact data between mobile devices, but in recent years developed software that helps law enforcement and security agencies gain access to and recover encrypted or erased data from all shapes and sizes of mobile devices. It has become a significant player in the multibillion-dollar mobile forensics marketplace that is exploding along with the adoption of more smartphones and tablets.
"There are only one or two companies with that kind of knowledge’" to access the encrypted data on an iPhone, says Dudu Mimran, a mobile security expert at Ben Gurion University’s cybersecurity laboratory.
Replicating information about Apple’s proprietary security architecture is onerous task, he said. "It’s not magic. It’s a matter of deep expertise, and an accumulation of research – and that research consumes a lot of time. I don’t think there’s a simple trick to it or everyone would be doing it.’"
In fact, a 2013 notice of FBI plans to purchase Cellebrite’s systems praised the company for being one of the sole systems able to swiftly extract photos, videos, deleted call registries and text messages on 95 percent of mobile phones – including a range of iPhone models.
"Half an hour with your telephone, and we can know everything," said Cellebrite executive Yossi Carmil in a 2013 interview with the Israeli newspaper Haaretz.
A year later, Cellebrite reportedly helped recover WhatsApp messages that had been deleted from a cellphone in a high-profile murder investigation in Israel. Those recovered files helped prove the innocence of an indicted suspect by demonstrating that the state’s star witness had obstructed the investigation.
With thousands of customers in 100 countries, Cellebrite touts itself as having "the most advanced solution" for forensic extraction, decoding and analysis of data from the Apple handsets. A YouTube video gives a demonstration for customers of how to hack an iPhone.
In the Haaretz interview, Mr. Carmil walked through the company’s archive thousands of mobile phone devices during an on-camera interview and explained its techniques. He said the company exploits the fact that flash memory devices used in mobile phones contain algorithms that seek to save phone data for as long as possible even if the owner deleted the information.
"If there are 100 security agencies in the world using systems to unlock mobile devices, we are working with 40 of them,’" said Carmil.
The company, which has offices in New Jersey and Germany, has recently expanded its workforce, which numbers around 500.
Not surprisingly, many of the hackers employed by the company come out of an Israeli military intelligence unit 8200, which is renown for cyberespionage and code breaking abilities.
“Unit graduates bring with them a certain know-how that’s learned inside of the unit which I can’t elaborate on," said Carmil in an interview with Israeli news website NRG. "For us, that constitutes a relative advantage."