Thursday, April 14, 2016

Fear everyone - or don't (Cellebrite or Hacker X never met the Bedford Police Department)

Every once in a while, I like to write a post in which I explain why I don't fear Big Brother (or, to put it another way, "don't worry about the government"). Over the years I've documented the demise of uGov, the cross purposes at UC Irvine, competing airline security systems, the poor security for nuclear missile launches, the lack of NSA-FBI security coordination, the lack of DHS-CIA coordination, and conflicts between the DHS, the FBI, and the NSA. These and many other episodes highlight the truth, expressed by Dave Barry, that any action by government will be met with an equal and opposite reaction from another part of government.

But right now I'm thinking about another post in this vein - Which do you fear more - business Big Brother, or government Big Brother? I want to quote from that 2011 post, which seems eerily relevant today.

Cellebrite manufactures a Universal Forensics Extraction Device. Now we're not talking about debate or biometrics here, but the examination of any item for purposes of law enforcement. In this particular case, we're talking about cell phones. If Malte Spitz had been unsuccessful in getting his location information from Deutsche Telekom, perhaps he could have bought the Cellebrite UFED and obtained the location information in that manner.

"Based on Cellebrite’s expertise in data extraction technology, the mobile forensics products perform both logical and physical data extraction, including recovery of deleted messages and content.

"With more than a decade of experience in mobile data technologies, Cellebrite provides the widest coverage available in the market today. The UFED family of products is able to extract and analyze data from more than 3000 phones, including smartphones and GPS devices."

I am writing this post mere weeks after the FBI ceased its attempts to have Apple unlock Syed Farook's iPhone. Why did the FBI stop? Because it got someone else to unlock it. The FBI didn't say who helped, but various sources claim that Cellebrite did the work, while other sources claim someone else did it.

So who looks good after this affair? Nobody. The FBI, who pleaded that they couldn't unlock the iPhone and that only Apple had the expertise to do so, apparently found someone to do it - possibly cheaply. Apple, who wanted to maintain its posture as a manufacturer of secure communications equipment, has had its security breached - possibly cheaply. And the people who actually unlocked the phone can't get any credit for the deed. Oh, and it's quite possible that the only information that was found on the iPhone in question was data about San Bernardino dining spots.

Now, who are you supposed to fear?

The FBI, who set the wheels in motion to allow this phone - or perhaps your phone - to be hacked?

Apple, who manufactured a phone - perhaps your phone - that could be hacked?

Or the mysterious people who actually performed the hack on this phone, and could do it to your phone?

"None of the above," you might say. "I have nothing to hide."

Well, if you have nothing to hide, then feel free to share your name, address, Social Security Number (remember Todd Davis?), and bank account passwords.

Oh, and leave your house and car unlocked.

blog comments powered by Disqus