For weeks, the FBI insisted that only Apple could enable it to access encrypted data on the iPhone of San Bernardino terrorism suspect Syed Farook, while Apple argued that complying with the FBI’s order would set a bad precedent for users’ privacy rights. The agency eventually found help from a third party but refused to identify that organization or the techniques that were used.
An Israeli newspaper later revealed the identity of this third party as Cellebrite. Now, some of the tools used by the Israeli mobile phone forensics company have found their way to the public, after a hacker stole 900GB worth of data from the company, including documents that suggest Cellebrite sold its technology to the governments of Turkey, the United Arab Emirates and Russia.
Cellebrite’s main product is a laptop-sized device called the Universal Forensic Extraction Device (UFED), which can rip data including SMS messages, emails, call logs, and more from thousands of different models of mobile phones, as long as the UFED user is in physical possession of the phone.
The cache of leaked data includes alleged usernames and passwords from clients for logging into Cellebrite databases. There are also a number of directories for different smartphone brands, with each folder containing various exploits the UFED tool could employ and access via a Python script.
The iOS-related code found in the cache is similar to scripts created to jailbreak iPhones and includes modified versions of Apple firmware altered to break security on older iPhones. However, it seems the tools for cracking the San Bernardino shooter’s iPhone were not leaked.
"The debate around backdoors is not going to go away, rather, it is almost certainly going to get more intense as we lurch toward a more authoritarian society," the hacker that leaked the files wrote. "It's important to demonstrate that when you create these tools, they will make it out."