Inside the Little-Known Firm Said to Be Helping the FBI Crack iPhones

Inside the Little-Known Firm Said to Be Helping the FBI Crack iPhones

The little-known Japanese company at the center of a legal tussle between Apple and the US government over the hacking of an iPhone built its business on pinball game machines and stumbled into the mobile phone security business almost by accident.

Sun Corp. is the parent company of Cellebrite Mobile Synchronization, which worked with the FBI to crack an iPhone connected in a terrorist attack, according to people familiar with the matter who asked not to be identified as the matter is private. Neither Cellebrite nor the FBI have confirmed the link, and a Sun Corp. spokesman on Thursday said the company isn’t able to comment on specific criminal cases.

Sun based in Konan, Aichi, a city of 100,000 more than 200 miles southwest of Tokyo has been building pinball-like game machines found in Japan’s pachinko parlors since the 1970s but has often displayed bigger tech ambitions. Sun developed personal computers in the late 1970s, computer games and, more recently, iPhone mah-jongg apps. In 2007, as sales slumped, Sun acquired Cellebrite, based in Petah Tikva, Israel.

The purchase of Cellebrite, which hadn’t yet ventured into forensics, was mainly to add phone-to-phone data transfer to Sun’s fledgling telecommunications business, Sun spokesman Hidefumi Sugaya said in a telephone interview. When Cellebrite later took on investigative agencies such as the FBI as clients, the business took off, and today most of Sun’s mobile data solutions business comes from Cellebrite.

Sun’s shares have surged since March 21, when US authorities said a third party demonstrated a way toaccess data on the iPhone used in the San Bernardino, California, mass shooting last year.

(Also see:  Apple Remains in Dark on How FBI Hacked iPhone)

“If it’s Cellebrite it’s probably good publicity for them,” said Bryce Boland, chief technology officer for Asia Pacific at security company FireEye Inc. “There are other companies as well that provide tools in this space, and Cellebrite are one of the best companies in this space.”

Revenue from Cellebrite’s mobile data solutions division overtook pachinko parts in Sun’s fiscal year ending March 2014 and contributed $121 million (roughly Rs. 802 crores) or 50 percent of sales in the last fiscal year, according to data compiled by Bloomberg. It’s now Sun’s largest business segment.

Israeli daily Yedioth Ahronoth last week identified Cellebrite, which has captured a large slice of the mobile forensics market over the past decade, as the FBI’s partner in cracking the iPhone.

The US Justice Department said Tuesday it has gained access to the data on the shooter’s phone with the help of a third party and dropped its legal case against Cupertino, California-based Apple.

“Although the FBI didn’t get a legal decision that would require Apple to hack around its own security software, it created a situation where they can go to third parties to do that,” said Matt Larson, an analyst at Bloomberg Intelligence. “Companies like Cellebrite may have found a niche industry of assisting the FBI unlock personal devices in select cases.”

Cellebrite sells hardware and software for extracting data from hand-held devices, even if it has been encrypted or deleted. It employs more than 500 people and has offices in Israel, the US, Brazil, Germany, Singapore and Britain, according to its website. Founded in 1999, Cellebrite was bought by Sun Corp. for a reported $17.5 million (roughly Rs. 116 crores).

The value of forensics companies such as Cellebrite, particularly for law enforcement agencies, goes beyond accessing encrypted data, according to Jonathan Zdziarski, a cyber-security researcher and iPhone security expert who consults with law enforcement.

“As you copy the evidence from the phone, you need to be able to catalog it and demonstrate you haven’t tampered with it show that the file that came from the phone is the same file you are using in court,” he said. “There have been plenty of free hacking tools available it’s not just about getting to the data. All of these problems are addressed by forensics companies like Cellebrite.”

The Israeli firm may have been able to come up with a method to crack the iPhone from studying patches that Apple’s released, or updates to software that fix vulnerabilities, said FireEye’s Boland, adding he had no direct knowledge of this case.

“It’s a fairly straightforward method for a researcher to identify what has been changed, and from that reverse-engineer what the flaw was and then build a tool to exploit that flaw,” he said.

© 2016 Bloomberg L.P.

Download the Gadgets 360 app for Android and iOS to stay up to date with the latest tech news, product reviews, and exclusive deals on the popular mobiles.

Tags: Apple, Apple vs FBI, Cellebrite, Cellebrite Mobile Synchronization, Encryption, FBI, iPhone, Mobiles
[“source-Gadgets”]