Cellebrite Sent The FBI Unreleased Software To Crack The Trump Shooter’s Phone
from the to-what-end-though dept
If nothing else, it appears the FBI has decided it’s not worth fighting the “compelled assistance” battle again. Several years ago, the DOJ went to court in hopes of forcing Apple to decrypt a phone belonging to the (dead) San Bernardino shooter.
It didn’t go well for the DOJ or the FBI, no matter how much then-FBI director James Comey bitched about it. The phone was eventually unlocked. And Comey has since been replaced, but his successor (Chris Wray) is just as dumb, dishonest, and histrionic about device encryption.
Fortunately, we haven’t heard anything from Chris Wray about the latest extremely minimal and temporary hiccup the FBI encountered while breaking into the phone owned by the person who tried to kill Donald Trump but killed an innocent person instead.
After a couple of days of failure, the FBI apparently reached out to one of its preferred vendors. And, as Bloomberg reports, that company — the Israel-based Cellebrite — apparently had a solution.
The agents called Cellebrite’s federal team, which liaises with law enforcement and government agencies, according to the people.
Within hours, Cellebrite transferred to the FBI in Quantico, Virginia, additional technical support and new software that was still being developed. The details about the unsuccessful initial attempt to access the phone, and the unreleased software, haven’t been previously reported.
Once the FBI had the Cellebrite software update, unlocking the phone took 40 minutes, according to reporting in the Washington Post, which first detailed the FBI’s use of Cellebrite.
So much for “going dark.”
- This reporting follows a report on leaked Cellebrite documents by Joseph Cox for 404 Media that detailed Cellebrite’s capabilities, at least as of April 2024.
- According to those documents, post-2020 iPhones running the latest version of iOS were beyond the cellphone-cracking powers of Cellebrite. It wasn’t quite as clear-cut for Android phones, although it did appear Google Pixels were less crackable than others.
According to the Bloomberg report, the shooter’s phone was a “newer Samsung model,” which doesn’t add much to the “what phones can be cracked” matrix. While I’m sure the FBI appreciated the assist from Cellebrite, it’s unclear what they hope to learn from cracking the dead shooter’s phone.
What they have learned isn’t doing much to assure the public that law enforcement is at the top of its game, especially when it comes to the Secret Service.
- What has been gleaned from the phone extraction are unsettling details like the shooter’s drone flight over the rally grounds prior to the shooting. It also hasn’t given exactly given Trump fans the satisfaction they so sorely want: the shooter was a registered Republican, albeit one that recently donated an extremely small amount to a progressive cause.
What is clear is that law enforcement isn’t out of options when it comes to encrypted devices. And that has always been the case, no matter how many might proclaim criminals have the upper hand, despite not being in control of Nasdaq-listed companies (which Cellebrite is). Phones can be cracked, even when the option of simply beating a password out of someone is no longer an option.
As for the rest of this sad state of affairs, I won’t say much more than this: the party encouraging the most violence was the recipient of it here. But the greater problem isn’t the rhetoric so much as it is the rhetorical options, so to speak. The Secret Service, working in conjunction with law enforcement, appears to have been looking past this game to the Republic National Convention, to use a sportsball analogy. But even if everyone had their shit locked down tight, there’s simply no way to completely prevent the act of violence witnessed during this Trump rally.
As usual, The Onion has summed it up best:
Investigation Finds Secret Service Failed To Account For Nation’s 393 Million Guns
And The Onion knows where we’re headed from here because it will always fail to see the forest for the 393 million trees:
WASHINGTON—In response to the attempted assassination of former President Donald Trump at a rally in Pennsylvania over the weekend, Congress moved quickly to pass legislation Monday that bans the civilian use of roofs. “As our country continues to reel from this horrific event, we in Congress have taken action by enacting a nationwide ban on all roofs, roof terraces, and balconies,” said House Speaker Mike Johnson, explaining that the would-be assassin, who shot at and nearly killed Trump from atop a building 430 feet away, highlighted just how lax U.S. laws had been in addressing the threat of widespread roof access.
In the end, the FBI got what it wanted. But what did it actually learn from this experience? So far, there are no answers. And no matter how much agents root around in the shooter’s phone, they’ll never find a satisfactory answer. All it got was the assurance that if it asks nicely (or desperately!), it will get the help it wants, even if it’s not anything it really needs.
Filed Under: cellphone cracking, donald trump, encryption, fbi
Companies: cellebrite, samsung
/cdn.vox-cdn.com/uploads/chorus_asset/file/25532279/Phone_Cracking_FBI.jpg)
Sidney Sweeney’s Verizon Phone Gets SIM Hijacked
from the SSDD dept
For years we’ve talked about the growing threat of SIM hijacking, which involves a criminal covertly porting out your phone number from right underneath your nose (quite often with the help of bribed or conned wireless carrier employees).
Once they have your phone identity, they have access to most of your personal accounts secured by two-factor SMS authentication, opening the door to the theft of social media accounts or the draining of your cryptocurrency account. If you’re really unlucky, the hackers will harass the hell out of you in a bid to extort you even further.
It’s a huge mess, and the both the criminal complaints and lawsuits against wireless carriers for not doing more to protect their users have been piling up for several years. And by most accounts it remains a notable problem, something confirmed by the recent SIM hijacking of the Verizon phone belonging to Euphoria and White Lotus star Sydney Sweeney:
“The news provides more context on how hackers may have taken over Sweeney’s Twitter account to boost the value of an obscure cryptocurrency on the same day. The hack also highlights how telecommunications companies continue to be a soft-spot for personal and professional security, even for high profile stars.”
Continued problems related to SIM hijacking are particularly problematic given the people and services that still rely heavily on text message two-factor authentication (SMS 2FA). If the underlying verifying tech isn’t secure, all the accounts and services tethered to it aren’t either.
Senators like Ron Wyden have been sending letters to the FCC for years, asking the nation’s top telecom regulator to, you know, do its job. Late last year the FCC voted to craft new rules that were supposed to help fix the problem, but observers noted they were too vague to be of meaningful use.
And they were too vague to be of meaningful use because captured regulators (even the well intentioned ones) aren’t keen to truly stand up to major, politically powerful wireless providers. So what you often tend to get is a form of regulatory theater that doesn’t always accomplish much. With recent Supreme Court rulings that erode regulatory authority further, it’s not a dysfunction set to improve anytime soon.
Filed Under: 2fa, mobile, privacy, security, sidney sweeney, sim hijacking, sms, two factor authentication, wireless
Companies: verizon
No comments:
Post a Comment