Cellebrite gets hacked; some of its methods for unlocking phones are made public?
Cellebrite, the company whose devices allow users to unlock handsets, was hacked last month and 900GB of data was whisked away by a hacker. Today, the hacker started releasing some of the files, which include methods for cracking open Android, BlackBerry and some older iOS models. Some of the data made public might have come from publicly available phone cracking devices.
The hacker claims to have stolen the content from a remote Cellebrite server. Even though the content was encrypted to protect the company, the hacker was able to bypass this protection. Most of the files posted had names starting with UFED (an acronym used by Cellebrite for its "Universal Forensic Extraction Device") followed by the name of a smartphone manufacturer such as Samsung or BlackBerry.
According to forensic scientist Jonathan Zdziarski, some of the files revealed that parts of Cellebrite's machines use methods to unlock iOS devices that were created by the jailbreaking community. Zdziarski says that if Cellebrite used these community-devised tools, it would mean that the company's scientific products actually contain "forensically unsound and experimental software."
Cellebrite has released a statement claiming that no source code has been released by the hacker. "The files referenced here are part of the distribution package of our application and are available to our customers." Cellebrite added that it often monitors the latest research, which includes "newly published forensic methods, research tools and publicly documented issues, including 'jailbreaks,' which enable platform research."
The company was rumored to have helped the FBI unlock the Apple iPhone 5c belonging to deceased terrorist Syed Farook.
source: Motherboard via MacRumors
"If, and it's a big if, they used this in UFED or other products, it would indicate they ripped off software verbatim from the jailbreak community and used forensically unsound and experimental software in their supposedly scientific and forensically validated products." - Jonathan Zdziarski, forensic scientist