9to5 MAC: Trump shooter used Android phone from Samsung; cracked by Cellebrite in 40 minutes

Earlier this week, the FBI announced that it had accessed the locked phone of Thomas Matthew Crooks, the man who opened fire at a Trump rally last Saturday. A new report from Bloomberg today reveals more details about this process and the phone used by Crooks.
Jul 23

After Saturday’s Trump rally shooting, the FBI said on Sunday that it had been unsuccessful in unlocking Crooks’ phone. The phone was then sent to the FBI lab in Quanitco, Virginia, and on Tuesday the bureau confirmed that it had successfully unlocked the phone in question.

Until today, however, we had no indication whether Crooks had used an iPhone or an Android phone, nor did we know specific details about the process.

Bloomberg reports today that the shooter used a “newer Samsung model that runs Android’s operating system.” The FBI’s initial attempt to unlock the phone on Sunday involved using Cellebrite software to bypass or identify the phone’s passcode.

When that initial effort failed, the FBI turned directly to Cellebrite for help unlocking the Samsung device. Cellebrite then gave the FBI access to “additional technical support and new software that was still being developed.”
With the new software from Cellebrite, the FBI was subsequently able to unlock the phone in 40 minutes.
Earlier today, The Associated Press, reported that Crooks had “photos on his phone of the former Republican president, President Joe Biden and other officials.” The FBI also reportedly found searches for “information about major depressive disorder” on the phone.

Meanwhile, a leak on Thursday revealed that Cellebrite can’t unlock iPhones running iOS 17.4 and later. As of right now, Cellebrite also cannot currently break into most iPhones running iOS 17.1 to 17.3.1, though hardware vulnerabilities in the iPhone XR and iPhone 11 mean those are exceptions.