This is part of a Motherboard mini-series on the proliferation of phone cracking technology, the people behind it, and who is buying it.
Lawsuits. Bribery. Companies not paying for exploits.
The mobile phone forensics cracking industry can sometimes be a pretty dirty place. In this trade, companies find different ways to pull data from mobile phones, typically for law enforcement. The industry entered the spotlight last year when the FBI paid a group of undisclosed hackers to break into the iPhone 5s of one of the San Bernardino shooters.
Dominated by corporate giants, one of which has cornered the market for mobile phone cracking technology in the US, and also home to plenty of smaller shops, the mobile forensics trade is littered with unsavory episodes.
“Mobile forensics is a cesspool,” Jonathan Zdziarski, a forensic scientist who has worked in the industry, told Motherboard in a phone call. “I was quite disgusted at what I saw.”
“What I've seen is bribery: trying to pay off certain employees at a company for information,” Zdziarski continued. “I've been approached by some companies early on and I've called them out publicly in the past, in law enforcement circles, for trying to get me to violate certain copyrights and send intellectual property that didn't belong to me.”
Some companies also steal exploits from other hackers, either by reverse-engineering products or by pinching trade secrets, Zdziarski added.
When one company used publicly available code made by Jon Sawyer, a mobile security researcher, he characterized it as theft.
“Magnet Forensics stole from me,” Sawyer told Motherboard in a phone call.
Sawyer publishes a lot of his research out in the open, in part to support the jailbreaking scene, in which hackers continually try to find new ways to exploit phones, he said. If a company wanted to take that work, reverse-engineer it, and re-implement it themselves into a product, Sawyer doesn't have a problem with that, he added.
But in this case, Sawyer obtained a beta Magnet product, dug around inside, and found his own code nested within Magnet's firmware. “They took the copy signed with my cryptographic key, and put it in their product,” Sawyer said.
A spokesperson for Magnet Forensics told Motherboard in an email, “Mr. Sawyer contacted Magnet Forensics saying the beta software was not in compliance with his licensing. Magnet Forensics immediately removed his code and issued an update for our beta customers. This code was never included in a public release of the free software tool.”
Some companies end up suing each other too.
In 2013, Israeli company Cellebrite accused rival Micro Systemation AB (MSAB) of copyright infringement, misappropriation of trade secrets, trademark infringement, and unfair competition. Specifically, the complaint alleged that MSAB had reverse-engineered Cellebrite's Universal Extraction Forensic Device (UFED) products, and then integrated Cellebrite's copyrighted material into its own software. In late 2015, Cellebrite accused another company, Oxygen Forensics, of much the same thing. Cellebrite voluntarily withdrew the lawsuit in March of this year.
A section of the lawsuit against Oxygen Forensics.
So why might the mobile forensics trade be particularly dirty? The sheer number of mobile phone models, each with its own idiosyncrasies requiring a different approach, might be one reason why some companies are apparently keen to steal others' work.
“I've got 400 of them in my lab alone,” Sawyer said. Covering as much of the mobile market as possible is a lot of work, and law enforcement customers need a forensics solution today, not tomorrow.
And then, of course, there's the money.
“There is a huge budget, just in this country, in terms of federal dollars,” Zdziarski said. “It's very lucrative for anyone doing government-type work.”