FBI Contracts Cellebrite to Break into San Bernardino iPhone (fpds.gov)
80 points by QuinnWilton on March 23, 2016 | 12 comments


I suspect that contract is unrelated. Details of the contract are visible at:

https://www.fpds.gov/common/jsp/LaunchWebPage.jsp?command=ex...

Specifically, the "description of requirement" says:

    IGF::OT::IGF  UFED software renewals for seven machines.

Which sounds like a routine license renewal... unless, of course, they're deliberately being misleading with that line item.


Looks like that link has a transient id and returns a blank page.

Real link here: https://www.fpds.gov/ezsearch/jsp/viewLinkController.jsp?age...

Agreed that this doesn't look like the actual phone contract. Cellebrite runs contracts for the DOJ every few weeks and that amount is quite low:

https://www.fpds.gov/ezsearch/fpdsportal?q=cellebrite+CONTRA...

Wouldn't be surprising if the DOJ had called them up, though, and also wouldn't be surprising if any purchase order surrounding the case was sealed for reasons of national security.


Well, there's a different point to be made. The FBI has been using Cellebrite's services for years. Why on Earth did they think they could help just 24h before the first hearing? The answer is obvious, but it's incredible how the FBI lawyers thought this case could have any chance against the richest company in the US. A company that could afford to throw money at the best lawyers around until the end of time.


Is $15k a weirdly low number for this, given the importance the FBI has attributed to it? Anyone with similar contracting experience who can comment?


Cellebrite's entire business is building these kinds of exploits into its shrink-wrap software sold to thousands of law enforcement agencies, including po-dunk municipalities that presumably can't afford federal government contracting rates. I'd guess that if they're quoting $15k, they're going to run the software they already have.

They are not known to be effective against current iPhones, but they do advertise their ability to break all Androids and older iPhones via USB on their public website.


Is there a known vuln against all current Androids? Or would it be unpublished if currently true?


A while ago there was Stagefright. Though I doubt the company's entire product line hinges on one bug; there is presumably a large catalog of exploits with varying effectiveness depending on the exact model and version of the target.


Well, from the FBI's perspective, they may already know the data on that work phone is worthless, but they just pretended it's not to get the precedent against Apple.

From Cellebrite's perspective, they should've probably asked more like $1.5 million to solve "such a valuable case", as the FBI has made it to be in public (and if this is indeed that contract, which it may not be). Apple also helped there by talking about how much of a burden it would be to unlock it.


Truth is the community knows how much of a relative non-burden it is and the contract was probably bid upon.


As the other reply has alluded to, the low price is indicative of how trivial of a problem this was to solve. It's not a 1.5M dollar problem and the FBI could easily find someone willing to charge less.


Maybe this was the sum quoted by Cellebrite.


Danny Yadron, a reporter for the Guardian, recently tweeted "Reliable sources with a variety of biases saying Cellebrite rumor is bunk."



