Hackers release phone cracking tools used by Cellebrite

Jos


After weeks of insisting that only Apple could enable it to access encrypted data on the iPhone of San Bernardino terrorism suspect Syed Farook, and Apple arguing that complying with the FBI’s order would set a bad precedent for users’ privacy rights, the government agency eventually found help from a third party but refused to identify that organization or the techniques that were used. 

An Israeli newspaper later revealed the identity of this third party as Cellebrite. Now, some of the tools used by the Israeli mobile phone forensics company have found their way to the public, after a hacker stole 900GB worth of data from them, including documents that suggest Cellebrite sold its technology to the governments of Turkey, the United Arab Emirates and Russia.

Cellebrite’s main product is a laptop-sized device called the Universal Forensic Extraction Device (UFED), which can rip data including SMS messages, emails, call logs, and more from thousands of different models of mobile phones, as long as the UFED user is in physical possession of the phone.

The cache of leaked data includes alleged usernames and passwords from clients for logging into Cellebrite databases. There are also a number of directories for different smartphone brands, with each folder containing various exploits the UFED tool could employ and access via a Python script. 

The iOS-related code found in the cache is similar to scripts created to jailbreak iPhones and includes modified versions of Apple firmware altered to break security on older iPhones. However, it seems the tools for cracking the San Bernardino shooter's iPhone were not leaked.

"The debate around backdoors is not going to go away, rather, it is almost certainly going to get more intense as we lurch toward a more authoritarian society," the hacker that leaked the files wrote. "It's important to demonstrate that when you create these tools, they will make it out."


 
"After weeks of insisting that only Apple could enable it to access encrypted data on the iPhone of San Bernardino terrorism suspect Syed Farook"

Um... I don't think the FBI ever claimed that... it simply claimed that Apple could enable the access - and SHOULD enable it...it was obvious very early on that there were alternate methods - Having Apple do it would simply have been the easiest and simplest...

This case shows that Apple was in the right to refuse, however.... They argued (correctly as it turned out), that once a backdoor was created, it would inevitably reach the public and make every device insecure. Well, Cellebrite being hacked kind of proves this to be true... it might be popular to hate on Apple, but it looks like they got this one right.
 
The Mac is so "paranoid" in its security that the security system will eventually lock itself out. Simple parameters in Android Studio, to compile Android apps, cannot be changed in files as they have timestamps. They tell you not to change the files, telling you there is a way, but they don't give you the way. Then they put the keywords down to change them to, and after changing them you have to reinstall the compiler and migrate all the apps you wrote back in by cutting and pasting the appropriate part of the source code. There is no import function for when the compiler breaks, and many times on Eclipse it has broken just from my mother making noise, making entire files' contents disappear. What does this do to my head if the computer can't take it?
 
Out of work? Like beaches, tanned young women, and tropical weather? The 'BI may be offering startup grants to security individuals with the knowledge and skills required to provide binary translation services. Under the US Constitution, Federal agencies may not 'peek' into private files without a warrant. However, any person investigated is entitled to translation services in their native or working language, binary included.

The Cayman Islands do not fall under the US Constitution. The Cayman Islands are a lot closer than Israel. A business accepting anonymous images for translation to and from binary and bitcoins can be successful. Open a branch office 90 miles away for British customers. Apply today.
 