Pixel Envy

Written by Nick Heer.

Revisiting Incorrect Reports That Cellebrite Cracked the San Bernardino iPhone

Speaking of Cellebrite, I thought it would be a good time to look back at all of the reports that confidently — and, we now know, incorrectly — stated that it was responsible for cracking the iPhone 5C used by one of the San Bernardino shooters.

It all started with a March 23, 2016 report from Sagi Cohen in Israel’s Yedioth Ahronoth:

The FBI has been reportedly using the services of the Israeli-based company Cellebrite in its effort to break the protection on a terrorist’s locked iPhone, according to experts in the field familiar with the case.

This article came two days after the FBI announced that a third-party vendor, which we now know to be Azimuth, would likely be able to help crack the iPhone in question.

Note that the Office of the Inspector General claimed in its report (PDF) about this case that the FBI began contacting vendors “on the eve” of its February 16, 2016 court filing, “including contacting an outside vendor who he knew was almost 90 percent finished with a technical solution that would permit the exploitation of the Farook iPhone”. It is entirely possible that the FBI contacted Cellebrite as it was trying to figure out how to get into this iPhone.

However, that quickly escalated in a March 31 Bloomberg article by Monami Yui and Aleksandra Gjorgievska:

Cellebrite Mobile Synchronization Ltd. worked with the FBI to crack an iPhone connected in a terrorist attack, according to people familiar with the matter, who asked not to be identified as the matter is private. Neither Cellebrite nor the FBI have confirmed the link, and a spokesman from parent Sun Corp. on Thursday said the company isn’t able to comment on specific criminal cases.

We now know the claim that “Cellebrite […] worked with the FBI to crack an iPhone […] according to people familiar with the matter” to be incorrect, but that was already evident less than two weeks later, courtesy of a Washington Post report by Ellen Nakashima:

The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter.

[…]

The bureau in this case did not need the services of the Israeli firm Cellebrite, as some earlier reports had suggested, people familiar with the matter said.

Nakashima was also one of the reporters responsible for confirming Azimuth’s role.

Despite multiple articles in 2016 noting that Cellebrite was ultimately not involved in the cracking of the San Bernardino shooter’s iPhone, reporting on the company has continued to link it to the successful unlocking of that device, often citing that Bloomberg story as evidence.

So, let’s summarize. First, Azimuth, not Cellebrite, was responsible for cracking the iPhone 5C used by one of the people responsible for the San Bernardino attack. Second, Bloomberg’s sources were clearly wrong, and it would not be the first time that a Bloomberg infosec story had dubious evidence.