LISTEN LIVE KPR - On Air: Listen Live to classical, jazz and NPR news Schedule LATEST
KPR 2 - On Air: Listen live to KPR's all talk-radio service, KPR2 Recordings

Share this page              

The Apple-FBI Whodunit: Who Is Helping The Feds Crack The Locked iPhone?

A customer tries out a new iPhone at an Apple store in Chicago. The FBI is working with a "third party" to test a method of seeing what's inside the iPhone used by one of the San Bernardino shooters without Apple's help.

The rumor mill is on.

A report by an Israeli newspaper, citing anonymous industry sources, pointed the finger at an Israeli company as the firm helping the FBI get inside the locked iPhone of one of the San Bernardino shooters.

The paper, Yedioth Ahronoth, has been known to plug Israeli companies. But the stakes to uncover the unnamed "third party" working with the FBI are tremendously high. The newspaper report got picked up by Reuters in Tel Aviv and from there, rippled through the tech blogs.

So what's the company? Its name is Cellebrite. It's a regular government contractor and promotes itself as a mobile forensics software provider.

Is it really the company helping the FBI bypass the need for Apple's special software to see inside this famous iPhone? We don't know.

What we have is a lot of speculation — and a lot of skepticism.

The FBI's response is that the agency cannot comment on the identity of the third party that's assisting it. Cellebrite, too, has not commented to NPR and told other media little beyond the fact that it has worked with the Justice Department.

National security blogger Marcy Wheeler traced the bread crumbs of court documents filed in relation to the San Bernardino investigation and another federal investigation involving another locked iPhone to arrive at the suspicion that the FBI did ask Cellebrite to open the phone used by Syed Rizwan Farook.

But just as much, this could be a brilliant publicity stunt by Cellebrite.

Stoking the rumors was a new contract, posted in the government database on Wednesday but dated March 21 — the day when the FBI announced it may have found a new solution — for services from Cellebrite USA. Forensics experts quickly sought to dispel this particular contract's relevance, attributing it to software licensing renewal and pointing to the meager $15,278 price tag and given "principal place of performance" of Chicago, not San Bernardino.

At this time, no concrete evidence is pointing at Cellebrite. And we don't know for sure what method the FBI is testing, either. Apple lawyers have indicated that they would like the government to disclose the method it would use to get inside Farook's iPhone. But it's also entirely possible the FBI will ask to keep both the vendor and the method classified.

What The Method Might Be

What we do know is that there have been several alternative ideas floating in the security community about how the FBI could overcome the iPhone security features preventing the agency from hooking the phone up to a computer and trying unlimited passcodes to find the right one without triggering a content wipeout.

In fact, FBI Director James Comey faced several questions about one technique in a congressional hearing. At the time, Comey testified that he was confident that government experts had considered all options before seeking a court order for Apple to write special software. Later, the FBI said the worldwide attention to the case had brought new alternatives to its attention and one of them, it decided to test.

Computer forensics researcher Jonathan Zdziarski argues that because the FBI has asked courts for only two weeks to test the viability of the new method, it's likely not highly experimental. It's also likely not something destructive, like the "decapping" method that relies on physically shaving off tiny layers of the microprocessor inside the phone to reveal a special code that would let investigators move the data and crack the passcode.

The idea that's garnering the most focus is something called chip cloning, or mirroring or transplantation. The method entails de-soldering the so-called NAND flash chip (the phone's version of hard drive) from the phone's board and sticking it into a chip reader that saves all the data from the memory chip and about the chip (including things like its serial number) into a file that gets copied onto another similar chip.

Then, it works sort of like saving your place in a video game: Investigators could try some passcodes without the fear of the self-wipe function because they can reload, or re-image, the chip again and again.

"We don't know yet that this is 100 percent doable, but we do know it's feasible," Zdziarski told NPR about the method in an interview last week, before the news of a third-party alternative broke.

He said the technology wasn't tremendously expensive and, in fact, has been showcased in a video of a techie in a Chinese mall performing this procedure to help people get a memory upgrade for their iPhones.

NPR's Aarti Shahani contributed to this report.

Copyright 2016 NPR. To see more, visit

Tower Frequencies

91.5 FM KANU Lawrence, Topeka, Kansas City
89.7 FM KANH Emporia
99.5 FM K258BT Manhattan
97.9 FM K250AY Manhattan (KPR2)
91.3 FM  KANV Junction City, Olsburg
89.9 FM K210CR Atchison
90.3 FM KANQ Chanute
96.1 FM K241AR Lawrence (KPR2)

See the Coverage Map for more details

Contact Us

Kansas Public Radio
1120 West 11th Street
Lawrence, KS 66044
Download Map
785-864-4530 (Main Line)
888-577-5268 (Toll Free)