“FBI, Be Careful in What You Wish for” – Cellebrite Hacker Dumps iOS Cracking Tools
Earlier in January, we reported that a hacker had stolen 900GB of data from popular forensics company Cellebrite. Stolen data had revealed that Cellebrite had been selling its tools to repressive regimes - including Russia, Turkey, and Bahrain - that use surveillance and phone cracking technologies to persecute journalists and dissidents.
In a fresh dump of stolen Cellebrite data, the hacker has now publicly released a cache of files demonstrating that phone cracking tools cannot be kept private, regardless of what the FBI and other law enforcement agencies may like the users to believe.
"It's important to demonstrate that when you create these tools, they will make it out. History should make that clear."
The latest public dump of data relates to some Android, BlackBerry, and older iPhones. The hacker responsible for the Cellebrite breach spoke to Motherboard and posted links to the data on Pastebin.
The hacker claimed to have taken the newly released data from a remote Cellebrite server, and said they had extracted them from UFED images. They told Motherboard that the files were encrypted, likely in an attempt to protect Cellebrite’s intellectual property, but that they managed to bypass the protections.
The leaked data isn't the most sensitive, as Cellebrite requires physical access for tools on more recent phones. "Although these dumped tools may not be the most sensitive - Cellebrite keeps its techniques for cracking more recent iPhones inhouse - they do demonstrate that those worries were justified," Motherboard noted.
In their README, the hacker notes much of the iOS-related code is very similar to that used in the jailbreaking scene - a community of iPhone hackers that typically breaks into iOS devices and release its code publicly for free.
Apple had also used the same argument in its fierce battle against the Federal Bureau of Investigation last year. The FBI had demanded Apple to create a backdoor access in iOS for law enforcement agencies. However, privacy experts and Apple argued that creating a backdoor weakens user security because no one can ensure the security of these backdoor tools.
As the latest breach confirmed, even the security firms who put millions of dollars and thousands of hours on creating these tools aren't safe from breaches, further reinforcing Apple's worries.
Cellebrite had earlier said the breach had only resulted in a leak of "basic contact information." Now, with more proof available publicly, the Israeli firm told Motherboard that "the files referenced here are part of the distribution package of our application and are available to our customers. They do not include any source code."
With the data - even if outdated - publicly available, security experts are expected to find more interesting bits and pieces from this dumped data in the coming days.
The hacker added, "@FBI Be careful in what you wish for."