Archivi tag: farook

Who unlocked the San Bernardino iPhone?

Yesterday, Monday, March 28, 2016 the US Government issued the report where they say they successfully unlock the PIN code of Farook’s iPhone, seized after the San Bernardino attack. The message says that “the government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple Inc.”.

Such news was anticipated a few days ago by another official document where the US Government said that an “outside party” demonstrated to the FBI a possible method for unlocking Farook’s iPhone and that testing was required to determine whether that would be a viable method that will not compromise data on the phone.

After the public statement of march 22 about someone being able to unlock the iPhone without Apple’s support, rumours said that the “outside party” might be the Israeli firm Cellebrite, which provide mobile forensics services and software, but today, after the successful data extraction report, voices were not confirmed but sometimes even denied.

Doing some OSINT, Open Source Intelligence, on public information we can read something quite interesting: the Federal Procurement Data System reports that on march 21 (the same day as the “outside party” possibility of unlocking the iPhone public report) FBI issued a purchase order for about $15.000 to Cellebrite for “INFORMATION TECHNOLOGY SOFTWARE” [WBM]. The purchase order was noticed by researchers and published on Twitter.

DJF161200P0004424 Cellebrite FBI Purchase Order

Award ID (Mod#):
DJF161200P0004424 ( 0 ) (View) Award Type: PURCHASE ORDER
Vendor Name: CELLEBRITE USA CORP Contracting Agency: FEDERAL BUREAU OF INVESTIGATION
Date Signed: March 21, 2016 Action Obligation: $15,278.02
Referenced IDV: Contracting Office: DEPT OF JUST/FEDERAL BUREAU OF INVESTIGATION
NAICS (Code): RADIO AND TELEVISION BROADCASTING AND WIRELESS COMMUNICATIONS EQUIPMENT MANUFACTURING ( 334220 ) PSC (Code): INFORMATION TECHNOLOGY SOFTWARE ( 7030 )
Vendor City: PARSIPPANY Vendor DUNS: 033095568
Vendor State: NJ Vendor ZIP: 070544413
Global Vendor Name: CELLEBRITE USA CORP Global DUNS Number: 033095568

The news was not considered as a proof, even if the coincidence is weird, since FBI issued many purchase orders to Cellebrite during past years and since the “7030” code “INFORMATION TECHNOLOGY SOFTWARE” might be related to software supply.

What’s more relevant is that some Open Source Intelligence can show that the above is not the last purchase order issued on March. Yesterday, Monday, March 28th, FBI purchased from Cellebrite $218.000 of “INFORMATION TECHNOLOGY SUPPLIES”  [WBM].

DJF161200G0004569 Cellebrite FBI Purchase Order

Award ID (Mod#):
DJF161200G0004569 ( 0 ) (View) Award Type: PURCHASE ORDER
Vendor Name: CELLEBRITE USA CORP Contracting Agency: FEDERAL BUREAU OF INVESTIGATION
Date Signed: March 28, 2016 Action Obligation: $218,004.85
Referenced IDV: Contracting Office: DEPT OF JUST/FEDERAL BUREAU OF INVESTIGATION
NAICS (Code): RADIO AND TELEVISION BROADCASTING AND WIRELESS COMMUNICATIONS EQUIPMENT MANUFACTURING ( 334220 ) PSC (Code): INFORMATION TECHNOLOGY SUPPLIES ( 7045 )
Vendor City: PARSIPPANY Vendor DUNS: 033095568
Vendor State: NJ Vendor ZIP: 070544413
Global Vendor Name: CELLEBRITE USA CORP Global DUNS Number: 033095568

It might be a simple coincidence, but if we issue the query  <<CONTRACTING_AGENCY_NAME:”FEDERAL BUREAU OF INVESTIGATION” VENDOR_FULL_NAME:”CELLEBRITE USA CORP>> on the FPDS search engine, in the EZ Search section, we can see and download the full history of purchase orders issued by “FEDERAL BUREAU OF INVESTIGATION” to “CELLEBRITE USA CORP” [WBM]. We can observe that since September 2009 Cellebrite was given 187 purchase orders, but the purchase order issued yesterday, with ID “DJF161200G0004569”, is rather unique in that:

  • it’s the only one with an action obligation of more than $ 200.000 issued with “CELLEBRITE USA CORP” (the average for purchase orders is about  $11.000);
  • it’s the only one with the “INFORMATION TECHNOLOGY SUPPLIES” description and PSC type “7045”;
  • it was issued yesterday, when the US Government published a note informing that the San Bernardino iPhone was successfully unlocked and data was successfully accessed, presumably by an “outside party” as they said in the previous note.

In conclusion, we don’t know if Cellebrite was involved in San Bernardino iPhone PIN unlocking, we know that Cellebrite is able to unlock iPhons up to iOS 7 and iOS8 with 32bit processors and on iPhone 4s/5/5c, iPad 2/3/4, iPad Mini 1 and… the coincidence of yesterday’s purchase order is rather weird.