A hacker who allegedly stole over 900 GB of data from Israeli forensics company Cellebrite has publicly released a cache of the files related to older iPhones, in addition to Android and BlackBerry devices, Motherboard reports. The stolen data suggested that Cellebrite, the company rumored to have helped the FBI in the San Bernardino forensics case, had also sold its technology to a variety of oppressive regimes such as Turkey, the United Arab Emirates, and Russia. The hacker’s motivation appears to be stirring up the debate around backdoors and their use by authoritarian societies, as well as demonstrating that tools created to hack devices like iPhones are certain to make it out into the wild. Apple CEO Tim Cook made a similar point, that such backdoors are “too dangerous to create”, when he penned an open letter last year opposing the FBI’s attempts to force Apple to unlock the San Bernardino shooter’s iPhone.
Cellebrite is a security firm based in Israel which specializes in extracting data from mobile phones for law enforcement agencies. Although the FBI itself never publicly revealed the hackers or company behind the San Bernardino case, Cellebrite’s technology is in wide use within U.S. law enforcement agencies; an investigation by Motherboard late last year revealed that U.S. state police forces and highway patrols have “collectively spent millions of dollars” on Cellebrite’s technology. The company’s flagship product is known as the Universal Forensic Extraction Device (UFED), and typically comes as a small, laptop-sized device that can be used to extract information from thousands of different mobile phone models, although the phone must be physically connected to the UFED. The hacker claims to have accessed and decrypted the code used in the UFED devices from a remote Cellebrite server, and in their analysis mentioned that a lot of the iOS-related hacking code appears to be similar to, if not drawn directly from, the jailbreaking community’s tools. Speaking to Motherboard, forensic scientist Jonathan Zdziarski explained that some of the iOS files were nearly identical to jailbreaking tools such as limera1n and QuickPwn, albeit adapted for forensic purposes to perform tasks such as brute-forcing passcodes.
Zdziarski noted that “If, and it’s a big if, they used this in UFED or other products, it would indicate they ripped off software verbatim from the jailbreak community and used forensically unsound and experimental software in their supposedly scientific and forensically validated products.” A spokesperson for Cellebrite contacted Motherboard by email, stating: “The files referenced here are part of the distribution package of our application and are available to our customers. They do not include any source code.” However, the spokesperson also added that the company does monitor a wide variety of research from various sources, including the “jailbreak” community for “platform research” purposes. [via 9to5Mac]