FBI bypasses Apple to unlock iPhone
US government drops its case against Apple over bypassing iPhone security after managing to break into an encrypted device without the tech giant’s assistance.
The little-known Japanese company at the centre of a legal tussle between Apple and the US government over the hacking of an iPhone built its business on pinball game machines and stumbled into the mobile phone security business almost by accident.
Sun is the parent company of Cellebrite Mobile Synchronisation, which worked with the FBI to crack an iPhone connected in a terrorist attack, according to people familiar with the matter who asked not to be identified as the matter is private. Neither Cellebrite nor the FBI have confirmed the link, and a Sun spokesman on Thursday said the company isn’t able to comment on specific criminal cases.
Companies like Cellebrite may find good businesses in cracking personal devices for law enforcement. Photo: Bloomberg
Sun — based in Konan, Aichi, a city of 100,000 more than 320 kilometres southwest of Tokyo — has been building pinball-like game machines found in Japan’s pachinko parlours since the 1970s but has often displayed bigger tech ambitions. Sun developed personal computers in the late 1970s, computer games and, more recently, iPhone mah-jongg apps. In 2007, as sales slumped, Sun acquired Cellebrite, based in Petah Tikva, Israel.
The purchase of Cellebrite, which hadn’t yet ventured into forensics, was mainly to add phone-to-phone data transfer to Sun’s fledgling telecommunications business, Sun spokesman Hidefumi Sugaya said in a telephone interview. When Cellebrite later took on investigative agencies such as the FBI as clients, the business took off, and today most of Sun’s mobile data solutions business comes from Cellebrite.
Sun’s shares have surged since March 21, when US authorities said a third party demonstrated a way to access data on the iPhone used in the San Bernardino, California, mass shooting last year.
“If it’s Cellebrite it’s probably good publicity for them,” said Bryce Boland, chief technology officer for Asia Pacific at security company FireEye. “There are other companies as well that provide tools in this space, and Cellebrite are one of the best companies in this space.”
Revenue from Cellebrite’s mobile data solutions division overtook pachinko parts in Sun’s fiscal year ending March 2014 and contributed $157 million (13.6 billion yen) or 50 per cent of sales in the last fiscal year, according to data compiled by Bloomberg. It’s now Sun’s largest business segment.
Israeli daily Yedioth Ahronoth last week identified Cellebrite, which has captured a large slice of the mobile forensics market over the past decade, as the FBI’s partner in cracking the iPhone.
The US Justice Department said on Tuesday that it has gained access to the data on the shooter’s phone with the help of a third party and dropped its legal case against Apple.
“Although the FBI didn’t get a legal decision that would require Apple to hack around its own security software, it created a situation where they can go to third parties to do that,” said Matt Larson, an analyst at Bloomberg Intelligence. “Companies like Cellebrite may have found a niche industry of assisting the FBI unlock personal devices in select cases.”
Cellebrite sells hardware and software for extracting data from hand-held devices, even if it has been encrypted or deleted. It employs more than 500 people and has offices in Israel, the US, Brazil, Germany, Singapore and Britain, according to its website.
The value of forensics companies such as Cellebrite, particularly for law enforcement agencies, goes beyond accessing encrypted data, according to Jonathan Zdziarski, a cyber-security researcher and iPhone security expert who consults with law enforcement.
“As you copy the evidence from the phone, you need to be able to catalogue it and demonstrate you haven’t tampered with it — show that the file that came from the phone is the same file you are using in court,” he said. “There have been plenty of free hacking tools available — it’s not just about getting to the data. All of these problems are addressed by forensics companies like Cellebrite.”
The Israeli firm may have been able to come up with a method to crack the iPhone from studying patches that Apple’s released, or updates to software that fix vulnerabilities, said FireEye’s Boland, adding he had no direct knowledge of this case.
“It’s a fairly straightforward method for a researcher to identify what has been changed, and from that reverse-engineer what the flaw was and then build a tool to exploit that flaw,” he said.
The Washington Post