Earlier in January, Israeli mobile forensics company Cellebrite disclosed that a hacker had stolen close to a terabyte of data from one of its legacy servers. After taking some time to sift through the massive trove of data, the hacker is now dumping alleged iOS bypassing tools on the internet as a warning to the FBI. This development was initially reported by Motherboard.
The hacker who managed to sneak past Cellebrite’s server has now publicly released a cache of sensitive data. This includes code fragments related to Cellebrite’s Universal Forensic Extraction Device (UFED), which is allegedly used to crack older iPhones. The same technology is also said to bypass Android and BlackBerry devices, giving access to phone logs, messages, emails, and more.
As for the data dump on Pastebin, it contains some iOS-specific files that seem identical to publicly available jailbreaking tools. Other parts of the data contain jailbreak software tools that have been modified to expose PIN numbers by brute force, which is not the usual behavior of those tools. The cracking tools themselves have not been released by the hacker as of yet, but the dump has definitely garnered a lot of interest from cyber analysts.
In an online conversation with Motherboard, the anonymous hacker says,
The debate around backdoors is not going to go away, rather, it is almost certainly going to get more intense as we lurch toward a more authoritarian society. It’s important to demonstrate that when you create these tools, they will make it out. History should make that clear.
The hacker goes on to argue that the creation of such exploitable tools makes their eventual release inevitable, and that the tools can be accessed by virtually anyone with technical knowledge of the subject. The individual claims to have not only broken into the legacy server but also bypassed the protection Cellebrite used to secure its intellectual property and decrypted the files. In a readme file accompanying the data dump, the hacker included the following message:
The ripped, decrypted and fully functioning Python script set to utilize the exploits is also included within.
The data grabbed by the hacker suggests that the company has sold its phone bypassing technology to a handful of oppressive regimes, such as Turkey, the UAE, and Russia. The technology was allegedly also used by the FBI to break into the San Bernardino shooter’s iPhone 5c, in a case where the court had been pressuring Apple to support the efforts. Recently, there has also been chatter that India was looking to buy this technology from Cellebrite, allowing it to unlock iPhones and other devices on its own.
Cellebrite, on the other hand, has said that the stolen data includes only research material for developing new forensic methods. This is said to include research tools, publicly available documents, and other popular jailbreak study material. Speaking about the data dump, a Cellebrite spokesperson said,
The files referenced here are part of the distribution package of our application and are available to our customers. They do not include any source code.