How Did The FBI Gain Access To The Trump Rally Shooter


Taylor Bell


Published on Jul 19, 2024


Key Takeaways

  • FBI used Cellebrite’s tools to break into Crooks’ phone, accessing 0-days.
  • Companies like NSO Group exploit software for agencies, risking data privacy.
  • Tools like Graykey can access latest devices quickly, despite manufacturer patches.

Following the attempted assassination of former U.S. President Donald Trump, several U.S. agencies are investigating the motivations behind Thomas Matthew Crooks’ actions. A large part of that is his smartphone, as it can house private conversations, notes, and other data that might help law enforcement agencies understand his motives. After a couple of days, the FBI said that it had gained access to his phone. However, with the modern protections offered by smartphones these days, how did it manage that?

With all modern Android smartphones and iPhones offering full-device encryption, eagle-eyed tech fans have noticed that the bureau likely has access to tools that can break into smartphones, likely in a way that the manufacturers of these smartphones wouldn’t necessarily be a fan of, either. Little is known about the device so far, but the FBI said in a statement that its technical specialists “successfully gained access to Thomas Matthew Crooks’ phone, and they continue to analyze his electronic devices.”

Since then, we’ve learned, according to Bloomberg, that the FBI made use of Cellebrite’s software to get into a “newer Samsung model” running Android.

How did the FBI break into Thomas Matthew Crooks’ phone?

There are companies out there holding onto 0-days


First and foremost, it’s important to understand the context of what a 0-day vulnerability is. A 0-day vulnerability, often referred to simply as a “zero-day,” is a security flaw in software that is unknown to the vendor or developer. This means that the developer has had “zero days” to address and patch the flaw before it can be exploited by attackers. When it comes to Android or iPhone smartphones, these vulnerabilities are especially concerning due to the personal and sensitive nature of the data stored on these devices.

In the context of the recent incident where the FBI gained access to a particular smartphone, Bloomberg reports that the FBI enlisted the help of Israeli-based Cellebrite in order to access the smartphone. Reflecting on the events of 2016, the FBI publicly criticized Apple for refusing to unlock the phone of the San Bernardino shooter. Shortly after, the FBI announced that it had accessed the smartphone without Apple’s assistance. The FBI initially attempted to take Apple to court to compel the company to create software providing a backdoor, but withdrew its request the day before the hearing, citing that it had managed to unlock the phone with the help of a third party. It was not revealed at the time who that third party was.


There are a number of companies out there capable of exploiting these smartphones, and Cellebrite is just one of them. While the Googles and Apples of the world will try to make it worth someone’s while to report a serious exploit, the truth of the matter is that these companies can make a lot of money by withholding those bugs and instead using them to help out law enforcement agencies and even potentially malicious clients. 404 Media reportedly gained access to a support matrix of the devices that Cellebrite can break into, which suggests that iOS 17.4 devices are currently completely secure against the company’s tools.

Another company accused of aiding governments in the past is NSO Group. NSO Group is an Israeli-based cyber-intelligence firm that was found to have developed a spyware dubbed “Pegasus.” NSO marketed the software as a way to fight crime and terrorism, but it was reported that multiple governments (potentially including some branches of the United States government) had used it to surveil political opponents, journalists, and human rights activists.

The exploits Pegasus relied on were eventually patched in 2021 following the Pegasus Project report, and patched again in September 2023 after the spyware had been updated to use a different exploit. There’s an entire business around getting access to phones and spying on them, so it’s unsurprising that the FBI has managed to enlist someone’s help to break into whatever device it is.

The FBI apparently turned to Cellebrite

Though there are a number of other options


Cooper Quintin, a security researcher and senior staff technologist with the Electronic Frontier Foundation, told The Verge before the Cellebrite report emerged that the FBI turning to such a vendor was already considered very likely. Cellebrite is another Israeli-based company that provides mobile extraction tools to law enforcement, though it was also said that the FBI is expected to have its own in-house tools, either purchased from other companies, borrowed from other branches of government, or developed itself.

Cellebrite is far from the only option, though. Graykey is a piece of software that is said to be capable of accessing the Samsung Galaxy S24 series, iPhones on iOS 17, and the Google Pixel 6 and Google Pixel 7. It’s a tool that the company says can “provide same-day access to the latest iOS and Android devices – often in under one hour.” These tools are typically not condoned by smartphone manufacturers, and when the exploits that enable them are discovered, they are usually patched swiftly.

As a result, while the exact details of how the FBI accessed Crooks’ phone remain unknown, Bloomberg reports that Cellebrite offered the FBI additional support in breaking into the device. Bloomberg further explains that “Cellebrite software can gain access to a phone through various methods, which include disabling a phone’s built-in mechanisms that block repeated passcode attempts, while simultaneously generating millions of codes to attempt entry. It’s unclear what method the FBI used to unlock Crooks’ phone.”
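The Bloomberg description above hinges on two things: the device’s lockout mechanism that slows repeated passcode attempts, and the size of the passcode space that has to be searched once that mechanism is out of the way. The following is an added illustration, not code from the article or from any of the vendors mentioned, that models expected exhaustive-search time for common passcode policies with the throttle intact and with it bypassed. The lockout schedule and the per-attempt cost of 0.1 seconds are constructed assumptions, not any vendor’s real policy.

```python
"""Why a passcode rate limiter matters: expected brute-force time for a
uniformly random passcode, with and without escalating lockout delays.

Added illustration, not from the article. The lockout schedule and the
per-attempt cost are CONSTRUCTED assumptions, not any vendor's real policy."""

# Constructed schedule: once this many consecutive failures have occurred,
# the device waits this many seconds before accepting the next attempt.
ILLUSTRATIVE_BACKOFF = {5: 60, 6: 300, 7: 900, 9: 3600}


def keyspace(length: int, alphabet_size: int) -> int:
    """Number of possible passcodes of the given length and alphabet."""
    return alphabet_size ** length


def total_delay(failures: int, schedule=ILLUSTRATIVE_BACKOFF) -> int:
    """Total lockout seconds accumulated over `failures` consecutive wrong
    guesses. Computed tier by tier so that enormous failure counts (large
    alphanumeric keyspaces) do not require a per-attempt loop."""
    total = 0
    tiers = sorted(schedule.items())
    for i, (start, secs) in enumerate(tiers):
        if failures < start:
            break
        # This tier applies to failure counts start..(next tier start - 1),
        # or all the way up to `failures` for the last tier.
        end = tiers[i + 1][0] - 1 if i + 1 < len(tiers) else failures
        total += (min(end, failures) - start + 1) * secs
    return total


def expected_seconds(length: int, alphabet_size: int, per_attempt_secs: float,
                     throttled: bool, schedule=ILLUSTRATIVE_BACKOFF) -> float:
    """Expected time to find a uniformly random passcode by exhaustive search.
    On average half the keyspace is tried; every guess before the correct
    one is a failure that, while throttling is active, incurs its lockout."""
    expected_attempts = (keyspace(length, alphabet_size) + 1) // 2
    seconds = expected_attempts * per_attempt_secs
    if throttled:
        seconds += total_delay(expected_attempts - 1, schedule)
    return seconds


def compare_policies(per_attempt_secs: float = 0.1):
    """Expected search time in days for common passcode policies, with the
    throttle intact and with it bypassed (the scenario Bloomberg describes).
    Returns a list of (policy name, throttled days, bypassed days)."""
    policies = [("4-digit PIN", 4, 10),
                ("6-digit PIN", 6, 10),
                ("8-char alphanumeric", 8, 62)]
    rows = []
    for name, length, alphabet in policies:
        throttled = expected_seconds(length, alphabet, per_attempt_secs, True) / 86400
        bypassed = expected_seconds(length, alphabet, per_attempt_secs, False) / 86400
        rows.append((name, throttled, bypassed))
    return rows


if __name__ == "__main__":
    for name, throttled_days, bypassed_days in compare_policies():
        print(f"{name:22s} throttled: {throttled_days:16,.2f} days   "
              f"bypassed: {bypassed_days:16,.2f} days")
```

Under these assumptions a 4-digit PIN that would take months with the lockout schedule in force falls in minutes once the throttle is gone, and a 6-digit PIN in hours, while an 8-character alphanumeric passcode remains out of reach either way. That gap between the two columns is exactly what the quoted “disabling a phone’s built-in mechanisms that block repeated passcode attempts” buys, and it is the reason manufacturers pair rate limiting with guidance to use longer, non-numeric passcodes.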

Furthermore, the software apparently unlocked the device in 40 minutes. This is an astoundingly short time, but we don’t know the specific circumstances: exactly which device it was, or how Crooks had protected it. In the case of the San Bernardino shooter, after eventually accessing his phone, the FBI found no further information about a motive or intent, as it was merely a work phone. While there are potential leads on his device this time around, we’ll be waiting to see if anything more comes of it.
