PETAH TIKVA, Israel (CNN) – The legal fight between Apple and the FBI over a terrorist’s smartphone has put another company, an Israeli tech firm, into the spotlight.
Four months after the San Bernardino terrorist attack, the iPhone 5c of one of the shooters remained a critical but inaccessible piece of evidence.
An ugly legal battle between the FBI and Apple suddenly ended when the FBI found a different way to get into the iPhone. An Israeli newspaper, citing industry sources, said the company that did the work was called Cellebrite.
Cellebrite is based in a high-tech park just outside of Tel Aviv. Neither the FBI nor Cellebrite have confirmed the company’s involvement, but Cellebrite specializes in mobile device data extraction and decryption – hacking phones. That’s exactly what the FBI needed in this case.
CNN reached out to Cellebrite and the FBI repeatedly. Cellebrite didn’t return the calls, and the FBI wouldn’t comment about the company. The FBI has said only that they used an “outside company.”
The FBI signed a $200,000 contract with Cellebrite the same day the FBI announced it had gained access to the content in the shooter’s phone. Shares of Cellebrite’s parent company soared.
At a tech conference in 2014, Cellebrite’s forensics technical director Yuval Ben Moshe told CNN about the company’s work.
“We allow law enforcement agents a very deep and detailed access to a lot of information that is on the mobile device to deduct who did what when, which is the essence of any investigation,” Moshe said.
Cellebrite’s technology isn’t just a hack on an iPhone, critics say. It’s a hack on privacy. Moshe says his company has been challenged in court.
“You got to make sure that whatever that you bring into court can stand there and can stand every cross-examination, and there are very, very strict rules and guidelines in most countries and we meet those to the best of our knowledge,” Moshe said.
A cyber security expert said there are ways to outsmart Apple’s security.
“When you connect the cable to the phone, then you can abuse all kinds of protocols. And the iPhone can communicate with the laptop, and then by hijacking or manipulating those protocols, you can unlock the phone,” said Michael Shaulov, a mobile technology expert at Checkpoint, an Israeli cyber security firm.
Another weakness in the iPhone’s security: the iPhone user.
“It will probably take me less time to hack the phone when it is in your hand rather than when I have it. It’s much easier to conduct a social engineering attack – get you to install something on your phone – rather than try to get around your passcode,” Shaulov said.
This is the flip side of the start-up nation – innovation used to build security is now used to exploit vulnerabilities.
Is Cellebrite the company behind the U.S. government’s iPhone hack? It will not say, but notably the company that signed the FBI contract and was enthusiastically touting its technology not long ago has now gone silent.