Was Israel security tech firm behind US government hack of terrorist cellphone?

In a Wednesday, Dec. 7, 2011, file photo, a person stands near the Apple logo at the company's store in Grand Central Terminal, in New York. There's a shadowy global industry devoted to unlocking phones and extracting their information. For digital forensics companies, success can mean big bucks in the form of government contracts. And the notoriety that could come with cracking an iPhone used by a purported terrorist could rocket them to cyber stardom. (AP Photo/Mark Lennihan, File)

(CNN) — The legal fight between Apple and the FBI over a terrorist’s smartphone has put another company, an Israeli tech firm, into the spotlight.

Neither that security company nor the the FBI are talking about what could be a big break in a crucial investigation.

Four months after the San Bernardino terrorist attack, the iPhone 5c of one of the shooters remained a critical but inaccessible piece of evidence.

An ugly legal battle between the FBI and Apple suddenly ended when the FBI found a different way to get into the iPhone.

An Israeli newspaper, citing industry sources, said the company that did the work was called Cellebrite, based out of a high-tech park just outside of Tel Aviv.

Neither the FBI nor Cellebrite have confirmed the company’s involvement to CNN, but Cellebrite specializes in mobile device data extraction and decryption – in other words, hacking phones.

That’s exactly what the FBI needed in this case, which only stated that it used an “outside company.” But the FBI did sign a $200,000 contract with Cellebrite the same day the bureau announced it had gained access to the content in the shooter’s phone.

Shares of Cellebrite’s parent company soared.

At a tech conference in 2014, Cellebrite’s forensics technical director Yuval Ben Moshe told CNN about their work. “We allow law enforcement agents a very deep and detailed access to a lot of information that is on the mobile device to deduct who did what when, which is the essence of any investigation.”

Cellebrite’s technology isn’t just a hack on an iPhone — critics say it’s a hack on privacy.

Ben Moshe says his company has been challenged in court. “You got to make sure that whatever that you bring into court can stand there and can stand every cross-examination and there are very, very strict rules and guidelines in most countries and we meet those to the best of our knowledge.”

In a Wednesday, Dec. 7, 2011, file photo, a person stands near the Apple logo at the company's store in Grand Central Terminal, in New York. There's a shadowy global industry devoted to unlocking phones and extracting their information. For digital forensics companies, success can mean big bucks in the form of government contracts. And the notoriety that could come with cracking an iPhone used by a purported terrorist could rocket them to cyber stardom. (AP Photo/Mark Lennihan, File)
In a Wednesday, Dec. 7, 2011, file photo, a person stands near the Apple logo at the company’s store in Grand Central Terminal, in New York. There’s a shadowy global industry devoted to unlocking phones and extracting their information. For digital forensics companies, success can mean big bucks in the form of government contracts. And the notoriety that could come with cracking an iPhone used by a purported terrorist could rocket them to cyber stardom. (AP Photo/Mark Lennihan, File)

To learn more about mobile device security, we met Michael Shaulov, a mobile technology expert at Checkpoint, an Israeli cyber-security firm.

“What are the weak points of an iPhone or any other mobile device that you can access the phone through?,” CNN asked.

Shaulov replied “When you connect the cable to the phone, then you can abuse all kinds of protocols, and the iPhone can communicate with the laptop, and then by hijacking or manipulating those protocols, you can unlock the phone.”

“If I give you my iPhone, how long will it take you to hack it?”

“It will probably take me less time to hack the phone when it is in your hand rather than when I have it,” he said. “It’s much easier to conduct a social engineering attack, to get you to install something on your phone rather than me trying to get around your passcode.”

This is the flip side of the start-up nation — innovation used to build security, now used to exploit vulnerabilities.

So is Cellebrite the company behind the U.S. government’s iPhone hack? It will not say, but notably the company that signed the FBI contract and was enthusiastically touting its technology not long ago has now gone silent.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s