Hacker Dumps Tools Linked To Cellebrite

A while ago I reported that Israel-based mobile phone forensics company Cellebrite was hacked by unknown actors. At the time, it was said that only customer data was stolen. It now appears that this is no longer the case. In the last couple of days, a data dump has appeared online containing tools for extracting data from older iPhones, Android phones, and BlackBerry phones. Motherboard has the details:

Cellebrite is an Israeli firm which specializes in extracting data from mobile phones for law enforcement agencies. The company’s flagship product, the Universal Forensic Extraction Device (UFED), typically comes as a small, laptop-sized device, and can pull SMS messages, emails, and more from thousands of different mobile phone models. The investigator needs to have physical access to the phone to analyze it.

A Motherboard investigation found that US state police and highway patrol agencies have collectively spent millions of dollars on Cellebrite technology.

The hacker claimed to have taken the newly released data from a remote Cellebrite server, and said they had extracted them from UFED images. They told Motherboard that the files were encrypted, likely in an attempt to protect Cellebrite’s intellectual property, but that they managed to bypass the protections.

“The ripped, decrypted and fully functioning Python script set to utilize the exploits is also included within,” the hacker wrote in a README file accompanying the data dump. The hacker posted links to the data on Pastebin.

It’s not clear when any of this code was used in the UFED. Many of the directory names start with “ufed” followed by a different type of phone, such as BlackBerry or Samsung.

In their README, the hacker notes much of the iOS-related code is very similar to that used in the jailbreaking scene—a community of iPhone hackers that typically breaks into iOS devices and releases its code publicly for free.

Well, that’s going to make Apple, not to mention Google and BlackBerry, really happy, as those tools will allow them to build countermeasures against this sort of extraction. Researchers are likely happy too, as they get to trawl this material for anything interesting. You can copy and paste that statement for attackers as well, as they will want to use the information to build exploits. But it’s safe to say that Cellebrite is not happy, as it is clearly using techniques that are already in the public domain, which takes away its “street cred.”

Oh, to quote the late Steve Jobs, there’s one more thing:

“@FBI Be careful in what you wish for,” the hacker’s message reads, before signing off with a piece of ASCII art, which says “Backdoorz.”

If you recall, when Apple fought the FBI’s attempts last year to make it unlock the San Bernardino shooter’s iPhone, its point was that anything it built to do so risked becoming public, which would put iPhone users everywhere at risk. It now seems that this has come true, in the sense that a forensics vendor’s phone extraction tooling has leaked. One wonders what the blowback from this will be.

