Cellebrite’s Stolen Mobile Phone Hacking Tools Released Publicly
By MDL on February 4, 2017
On February 2nd, a hacker publicly released what appear to be mobile phone hacking tools taken from Cellebrite, the mobile forensics company reportedly hired by the FBI to unlock the San Bernardino shooters’ iPhone last year.
The leaked files included tools that could be used to unlock “older iPhones,” Android, and Blackberry devices, according to a Motherboard article that quotes the unnamed hacker. No specific models of iPhones were named to define which “older” models were affected.
In the Motherboard interview, the hacker explains why Cellebrite was targeted and why the tools were released: “It’s important to demonstrate that when you create these tools, they will make it out.”
A Cellebrite statement announced the “unauthorized access to an external web server” on January 12, 2017, and a follow-up statement on January 24th stated that the 900 GB of data accessed was taken from a remote server and included “basic user contact details” and hashed user passwords. Cellebrite also states that “the attack did not impact any Cellebrite intellectual property… such as proprietary source code.” Their statement seems to support comments by forensic scientist Jonathan Zdziarski in the Motherboard article that the files are similar to jailbreaking code that is already freely available on the internet. In the readme file that accompanied the links to the leaked data, the hacker also comments that “The more discerning eye will notice that some of the Apple exploits bear a remarkable resemblance to those available to any teenager interested in the jailbreaking scene.”
Cellebrite, an Israeli company, specializes in tools that allow their customers to access mobile devices. Their customers include US state police agencies, US federal agencies, and, according to leaked customer service tickets from this data breach, Turkey’s National police force, the United Arab Emirates’s Ministry of Interior, a Russian Federation prosecutor’s office, and the Bahraini Ministry of Interior police force. Cellebrite became known to the general public last year when the FBI reportedly hired them to unlock the iPhone 5C of one of the perpetrators of the San Bernardino mass shooting after Apple refused to create the custom firmware to unlock the phone, citing security and privacy concerns.
In an open letter, Apple CEO Tim Cook gave his reasons for Apple’s refusal: “In the wrong hands, this software… would have the potential to unlock any iPhone in someone’s physical possession… Once created, the technique could be used over and over again, on any number of devices.” A Washington Post interview quotes Cook as saying, “The risk of what happens if it got out, we felt, could be incredibly terrible for public safety.”
In the readme file that accompanies the links to the data dump, above ASCII art spelling out the word “backdoorz,” the hacker included a message to the FBI: “@FBI Be Careful in what you wish for.”
Sources:
Motherboard. https://motherboard.vice.com/en_us/article/hacker-steals-900-gb-of-cellebrite-data
Cellebrite. Statement, 12 JAN. http://www.cellebrite.com/Mobile-Forensics/News-Events/Press-Releases/cellebrite-statement-on-information-security-breach
Statement, 24 JAN. http://www.cellebrite.com/Mobile-Forensics/News-Events/Press-Releases/Update-on-Information-Security-Investigation-to-Forensic-Customers
Security Week. http://www.securityweek.com/hacker-leaks-tools-stolen-cellebrite
Engadget. https://www.engadget.com/2017/02/03/ios-cracking-tools-fbi-released/
MacRumors. https://www.macrumors.com/2017/02/03/hacker-leaks-ios-bypassing-tools/
Washington Post. http://www.washingtonpost.com/sf/business/wp/2016/08/13/2016/08/13/tim-cook-the-interview-running-apple-is-sort-of-a-lonely-job/
Apple Open Letter. http://www.apple.com/customer-letter/