Suncorp: The Real Winner in the FBI's iPhone Unlocking Fight

The FBI found a way into Syed Farook's iPhone and dropped its fight to force Apple to create a hackable version of iOS. The real winner here isn't the FBI or Apple, it's Suncorp—Cellebrite's parent company—who's stock jumped 40 percent in the week since the government said an outside party was helping hack into the iPhone.

Suncorp is the big winner in the iPhone unlocking fightSuncorp is the big winner in the iPhone unlocking fight

Just over a week ago the FBI said it was working with an unnamed outside party to get into the San Bernardino shooter's iPhone. Law enforcement wanted to see the encrypted contents of the phone, but didn't have an easy way to get at it because of the iPhone's built-in security feature that would destroy the data after ten failed passcode attempts.

Law enforcement officers couldn't look at the phone's encrypted data because Mr. Farook and his wife, Tashfeen Malik, were killed by police after the two opened fire on their San Bernardino County coworkers. The couple killed 14 people and injured 22 others.

The FBI obtained a court order demanding Apple create a custom version of the iPhone operating system without the security features preventing brute force attacks on the passcode, but Apple refused calling the order an overreach of government authority and a dangerous precedent that would strip away digital security and privacy.

The two were scheduled to appear in court to defend their positions last Tuesday, but hours before the hearing the FBI revealed it had a secret partner with a means to get into the iPhone—something the agency adamantly insisted up until then only Apple could do. The hearing was put on hold to see if the mystery company's technique would be successful, and it turns out it was.

Now the FBI says it has the contents of Mr. Farook's iPhone, but isn't talking about which company helped, or what technique they used. The assumption has been it was the Israeli  Cellebrite, which is owned by Suncorp. The company makes forensic tools for extracting evidence from smartphones, and already had contracts with the U.S. Department of Justice.

In the week following the postponed hearing, Suncorp's stock value shot up 40 percent on the assumption Cellebrite hacked into the shooter's iPhone. So far, the FBI, Cellebrite, and Suncorp have refused to confirm who was involved.

Next up: Suncorp and Cellebrite's FBI links

Suncorp and Cellebrite's FBI links

Fortune thinks it found the smoking gun linking Cellebrite to the iPhone unlocking through FBI purchase orders coinciding with the revelation that someone other than Apple could hack into the device. One order for US$15,278.02 came the day the FBI requested the hearing delay, and the second for $218,004.85 came on the same day the FBI said it had access to the iPhone's data.

Both purchases are compelling, but neither is conclusively linked to Mr. Farook's iPhone. Cellebrite has a working history with the FBI and may involved in other investigations.

CNBC said on Twitter Cellebrite is the company helping the FBI, but didn't offer any evidence to back up the claim. An interesting statement to make, but not one to take at face value without any concrete confirmation.

There's also a video Cellebrite posted on YouTube in July 2015 showing how to use their tools to find an iPhone's passcode. The video shows Cellebrite's Windows-based passcode extraction software, along with the specialized cables used in the process.

The video is another compelling piece pointing to Cellebrite's possible involvement in accessing Mr. Farook's iPhone, but again isn't conclusive evidence.

The video does more to discredit the FBI's original claim that Apple had to make a hackable version of iOS because it was released about seven months before the court order was requested. Assuming this is the method that did get into Mr. Farook's iPhone, it turns the FBI's court order request and subsequent fight into nothing more than an attempt to manipulate the legal system and intentionally strip away our right to privacy.

It also means a company is sitting on a reproducible 0-day exploit, and if one company has it, others may, too. Apple no doubt would like to see this exploit in action so its engineers can find a way to block it and increase the iPhone's privacy and security protections.

Regardless of who really has the exploit, it's Suncorp that's benefitting. The company's stock is on the rise and all it has to do is keep quiet. Contrast that to the losers: the FBI for looking incompetent and disingenuous, Apple for failing to keep our iPhones secure, and the public's eroding privacy.