It was reported earlier this week that the FBI had filed a motion to delay its trial against Apple over the San Bernardino iPhone. It seems that the government agency had found an outside party capable of unlocking the device and no longer required Apple’s help.
At the time, we didn’t know who this third party was, but according to Israel-based newspaper Yedioth Ahronoth, the company helping the Department of Justice crack Syed Rizwan Farook’s iPhone 5c is an Isreali mobile forensics company called Cellebrite.
The company’s UFED mobile extraction device series claims to offer “unparalleled data extraction and analysis capabilities.” One product in particular, the UFED Touch, can supposedly “bypass pattern lock/password/PINs” on Android devices, as well as offering “the widest support for extraction and decoding” for Apple products.
The Vice President of Cellebrite’s forensics division, Leeor Ben-Peretz, wouldn’t comment on the Apple case when speaking to Isreali news outlet Haaretz, but he did indicate his belief that all devices can be broken into, no matter how hack-proof they may seem.
If Cellebrite really is helping the FBI, the exact method it is using to decrypt the iPhone is still a mystery. But one person who’s already had plenty to say about the ongoing saga, John McAfee, told CNBC that he knows how Cellebrite will do it.
"I promise you that Tim Cook and Apple are not going to be happy with the solution that the FBI has come up with […] because it is almost as bad as a universal master key,” he told CNBC’s Power Lunch.
McAfee, of course, had previously offered to help the FBI crack the iPhone with his team of super hackers using mostly social engineering techniques. He later admitted that this was all a lie to draw attention to the fact that “the FBI is trying to [fool] the American public.”
Experts believe that Cellebrite will use a NAND mirroring technique to circumvent the iPhone’s built-in security measures. This method involves desoldering the NAND chip, copying all its data using a device capable of reading/writing NAND flash, replacing the chip, and then guessing passcodes. If the auto-erase feature is enabled and the iPhone is wiped, it’ll be a case of removing the chip, copying the original information back in, and replacing it. It’ll be possible to add a test socket to make the chip swapping faster and easier.
This NAND technique will work on the iPhone 5c in question as it doesn’t have a Secure Enclave; it can't used on any phones beyond the 5s.