Cellebrite expands to Mac forensic tools with $33M BlackBag purchase
Cellebrite, a digital forensic company known for assisting law enforcement in unlocking iPhones, is expanding its reach to other platforms, with the purchase of rival firm BlackBag adding PC and Mac forensic services to its portfolio.
Cellebrite's Touch2, a forensics tool used to extract data from mobile devices
Announced on Tuesday, Cellebrite has agreed to acquire BlackBag Technologies. The purchase, said to be valued at around $33 million, will give the Israeli company a wider array of products and services it will be able to offer to clients.
Owned by Japan's Sun Corp, Cellebrite's purchase of BlackBag is largely funded via an investment from IGP Capital in June, Reuters reports, valued at $110 million. The acquisition is unlikely to be the only one made by Cellebrite, as the available funds offers the opportunity for the firm to fill out its services and holdings further.
Cellebrite is best known for its mobile forensics tools, which can unlock smartphones and tablets like the iPhone, along with some cloud services. In June, the company claimed it had the capability to break into any iOS device, including those running iOS 12.3, with the ability to determine passcodes and perform unlocks for Apple devices, followed by a full file system extraction.
Its clients largely consist of law enforcement agencies and other government organizations. Cellebrite is thought to have been the firm that provided the FBI with assistance in the San Bernardino investigation in 2016, with it allegedly receiving $900,000 for helping crack the shooter's iPhone.
While Cellebrite is focused on mobile devices and cloud, BlackBag instead centers its work on computer forensics, including tools for quickly searching through volumes of data stored on servers. The purchase of BlackBag increases the capabilities of Cellebrite, making it capable of operating on more platforms.
Part of BlackBag's work includes accessing Macs and MacBooks, with its MacQuisition tool claimed to perform live data acquisition, targeted data acquisition, and forensic imaging of macOS devices. The tool is said to be the first and only one capable of creating images of Macs equipped with Apple's T2 chip, which handles encryption and other security-related tasks.
Cellebrite says the purchase helps it create a "one-stop-shop" offering to its clients "capable of meeting all of their digital investigation needs."
"This acquisition will allow Cellebrite to accelerate the delivery of new Digital Intelligence solutions and services that will empower our customers and allow them to maximize the efficiency and accuracy of their digital investigations," said Cellebrite Co-CEO Yossi Carmil. "The acquisition is a major milestone in our journey to help our customers build safer communities and we welcome the BlackBag team to Cellebrite."
Cellebrite's Touch2, a forensics tool used to extract data from mobile devices
Announced on Tuesday, Cellebrite has agreed to acquire BlackBag Technologies. The purchase, said to be valued at around $33 million, will give the Israeli company a wider array of products and services it will be able to offer to clients.
Owned by Japan's Sun Corp, Cellebrite's purchase of BlackBag is largely funded via an investment from IGP Capital in June, Reuters reports, valued at $110 million. The acquisition is unlikely to be the only one made by Cellebrite, as the available funds offers the opportunity for the firm to fill out its services and holdings further.
Cellebrite is best known for its mobile forensics tools, which can unlock smartphones and tablets like the iPhone, along with some cloud services. In June, the company claimed it had the capability to break into any iOS device, including those running iOS 12.3, with the ability to determine passcodes and perform unlocks for Apple devices, followed by a full file system extraction.
Its clients largely consist of law enforcement agencies and other government organizations. Cellebrite is thought to have been the firm that provided the FBI with assistance in the San Bernardino investigation in 2016, with it allegedly receiving $900,000 for helping crack the shooter's iPhone.
While Cellebrite is focused on mobile devices and cloud, BlackBag instead centers its work on computer forensics, including tools for quickly searching through volumes of data stored on servers. The purchase of BlackBag increases the capabilities of Cellebrite, making it capable of operating on more platforms.
Part of BlackBag's work includes accessing Macs and MacBooks, with its MacQuisition tool claimed to perform live data acquisition, targeted data acquisition, and forensic imaging of macOS devices. The tool is said to be the first and only one capable of creating images of Macs equipped with Apple's T2 chip, which handles encryption and other security-related tasks.
Cellebrite says the purchase helps it create a "one-stop-shop" offering to its clients "capable of meeting all of their digital investigation needs."
"This acquisition will allow Cellebrite to accelerate the delivery of new Digital Intelligence solutions and services that will empower our customers and allow them to maximize the efficiency and accuracy of their digital investigations," said Cellebrite Co-CEO Yossi Carmil. "The acquisition is a major milestone in our journey to help our customers build safer communities and we welcome the BlackBag team to Cellebrite."
Comments
Why don't they ask this company?
I also find it ironic the terrorist is from Saudi Arabia (just like 911) which is our big “ally”.
This has nothing to do with our security and everything to do with you right to an expectation of privacy on your personal digital devices. They want a software back door that they will then abuse. The DoJ/FBI widely abused the National Security Letters under the original USA PATRIOT ACT to the point that even it’s author Jim Sensenbrenner complained about it. In a similar manner, the widespread use of Stingrays without oversight has become endemic. Should Apple put backdoors in the MacOS and iOS, it will be abused- expect it.
This kind of thing should disturb every citizen regardless of political party. They are trying to demolish any privacy rights you have and care not that creating a back door would open a path for hackers to exploit. And the same hole that allows then to look in your phone could like be modified to allow the planting of things on your phone. Once obtained, there will be no real way to recover the rights that have been trampled.
The question not be asked is how is cracking these phones not a violation of the DMCA?
According to the user guide it is officially supported on macOS 10.11 (El Capitan), 10.12 (Sierra), 10.13 (High Sierra), and 10.14 (Mojave) systems... so it doesnt look like it is supported yet on Catalina but they might have some sort of unofficial beta available?
Also of note on the user guide:
"One of the functions of the T2 chip is to restrict boot process preventing the computer from booting to external devices, including MacQuisition. This setting can be changed in the Startup Security Utility, accessible in the Recovery partition. To boot the Recovery partition, press Command (⌘) - R while booting.
Note: An admin password is needed to access the Startup Security Utility
If the Secure Boot settings have not been changed and the admin password is not known, the system cannot be booted directly using MacQuisition."
So... I'm not sure how they can say they can do a coldbox acquisition if they still require an admin password. Or if the target system is using Catalina, or if there is a Firmware Password set.
Does anyone have any other insight they could share about this?