Hacker uncovers files suggesting Cellebrite used codes from jailbreak tools to defeat iPho...

Posted:
in iPhone
Cellebrite, the digital forensics company believed to have helped the FBI break the security of the San Bernardino shooter's iPhone, may have repurposed other existing cracking tools used for jailbreaking iPhones, according to a new cache of files allegedly sourced from the security firm.




The hacker behind the breach of Cellebrite's servers in January is the same person behind the publication of the new files, reports Motherboard. The cache is said to include files used to gain access to data stored on smartphones, including older iPhones and devices running on Android and from BlackBerry.

The Israeli firm is known for providing a product to law enforcement agencies called the Universal Forensic Extraction Device (UFED), a unit that can be connected to a smartphone and used to pull a variety of data from it, including text messages, emails, images, and other items. While the tool can bypass security measures in a large number of instances, its usage against iPhones are limited to models using earlier versions of iOS, and can be thwarted by strong encryption schemes.

The unidentified hacker claims the tools were extracted from UFED images found on the 900GB of data in last month's server breach, and was able to bypass encryption used on the files. In the files were a number of directories, named after different smartphone brands, with each folder containing various exploits the tool could employ and access via a Python script.

It is noted by the hacker that the iOS-related code found in the cache is similar to scripts created to jailbreak iPhones, and is publicly-viewable code. Forensic scientist Jonathan Zdziarski advised to the report the iOS files were nearly identical to jailbreaking tools, and included modified versions of Apple firmware altered to break security on older iPhones.

One of the highlighted modifications was to a tool called QuickPwn, where the original jailbreaking project was modified to brute force PINs to unlock a device. The alteration is likely to be for forensic purposes, as Zdziarski suggests such an addition would be unusual for a jailbreaking project to include.

If the released files were used by Cellebrite in the UEFD, Zdziarski suggests "it would indicate they ripped off software verbatim from the jailbreak community and used forensically unsound and experimental software in their supposedly scientific and forensically validated products."

In response, Cellebrite told Motherboard the files were part of a distribution package of the application that it provides to customers, and they "do not include any source code." The spokesperson also claims the company monitors research from the security community, including jailbreaks and new research tools, to "enable platform research."

The hacker's motive to publish the files seems to be an attempt to sway the ongoing debate over encryption, with government agencies wanting to weaken security to make it easier to extract potential evidence from mobile devices.

"The debate around backdoors is not going to go away, rather, it is almost certainly going to get more intense as we lurch toward a more authoritarian society," the hacker writes. "It's important to demonstrate that when you create these tools, they will make it out. History should make that clear."

Comments

  • Reply 1 of 19
    zimmiezimmie Posts: 651member
    Obvious. Forensic investigators, spyware creators, jailbreakers and more have the same goal: total, unrestricted access to the system. Of course they're going to use the same methods. And if a given jailbreak is open-source, of course they're going to use that source code.

    As the article says, this is the perfect example of why, even if a "secure golden key" were possible to create (which it isn't), it would be profoundly irresponsible to do so.
  • Reply 2 of 19
    anomeanome Posts: 1,544member

    The encouraging thing about this is that they still had to brute force it, they couldn't just crack the encryption.

    And, yeah, it makes sense they'd use already available code. So would most people who were trying to crack a phone for nefarious purposes. If the code already exists, no point in trying to write it yourself from scratch.

    magman1979damn_its_hotrkmalve
  • Reply 3 of 19
    maestro64maestro64 Posts: 5,043member
    zimmie said:
    Obvious. Forensic investigators, spyware creators, jailbreakers and more have the same goal: total, unrestricted access to the system. Of course they're going to use the same methods. And if a given jailbreak is open-source, of course they're going to use that source code.

    As the article says, this is the perfect example of why, even if a "secure golden key" were possible to create (which it isn't), it would be profoundly irresponsible to do so.
    This is why we can not allow a bunch of people to went to liberal arts schools who run this country to make technologies decision. They can not get their head rapped around this problem. They think because the said it should be done it can be done and their is no negative side effects.
    stantheman
  • Reply 4 of 19
    eriamjheriamjh Posts: 1,730member
    Why develop your own tools when someone else does it for free?
    viclauyyc
  • Reply 5 of 19
    This could help drive faster adoption of the latest iPhones...
    edited February 2017
  • Reply 6 of 19
    eriamjh said:
    Why develop your own tools when someone else does it for free?
    That is what Samsung has said all along  ;)
    viclauyyc
  • Reply 7 of 19
    maestro64 said:
    zimmie said:
    Obvious. Forensic investigators, spyware creators, jailbreakers and more have the same goal: total, unrestricted access to the system. Of course they're going to use the same methods. And if a given jailbreak is open-source, of course they're going to use that source code.

    As the article says, this is the perfect example of why, even if a "secure golden key" were possible to create (which it isn't), it would be profoundly irresponsible to do so.
    This is why we can not allow a bunch of people to went to liberal arts schools who run this country to make technologies decision. They can not get their head rapped around this problem. They think because the said it should be done it can be done and their is no negative side effects.
    I went to art school and I am not retarded.
    retrogustoStrangeDays
  • Reply 8 of 19
    "As we lurch toward a more authoritarian society," the hacker writes, "it's important to demonstrate that when you create these tools, they will make it out. History should make that clear."

    'Nuff said.
  • Reply 9 of 19
    viclauyyc said:
    maestro64 said:
    zimmie said:
    Obvious. Forensic investigators, spyware creators, jailbreakers and more have the same goal: total, unrestricted access to the system. Of course they're going to use the same methods. And if a given jailbreak is open-source, of course they're going to use that source code.

    As the article says, this is the perfect example of why, even if a "secure golden key" were possible to create (which it isn't), it would be profoundly irresponsible to do so.
    This is why we can not allow a bunch of people to went to liberal arts schools who run this country to make technologies decision. They can not get their head rapped around this problem. They think because the said it should be done it can be done and their is no negative side effects.
    I went to art school and I am not retarded.

    Hopefully, you aren't running the country!!
  • Reply 10 of 19
    maestro64maestro64 Posts: 5,043member
    viclauyyc said:
    maestro64 said:
    zimmie said:
    Obvious. Forensic investigators, spyware creators, jailbreakers and more have the same goal: total, unrestricted access to the system. Of course they're going to use the same methods. And if a given jailbreak is open-source, of course they're going to use that source code.

    As the article says, this is the perfect example of why, even if a "secure golden key" were possible to create (which it isn't), it would be profoundly irresponsible to do so.
    This is why we can not allow a bunch of people to went to liberal arts schools who run this country to make technologies decision. They can not get their head rapped around this problem. They think because the said it should be done it can be done and their is no negative side effects.
    I went to art school and I am not retarded.

    that is your word...
    SpamSandwich
  • Reply 11 of 19
    viclauyyc said:
    maestro64 said:
    zimmie said:
    Obvious. Forensic investigators, spyware creators, jailbreakers and more have the same goal: total, unrestricted access to the system. Of course they're going to use the same methods. And if a given jailbreak is open-source, of course they're going to use that source code.

    As the article says, this is the perfect example of why, even if a "secure golden key" were possible to create (which it isn't), it would be profoundly irresponsible to do so.
    This is why we can not allow a bunch of people to went to liberal arts schools who run this country to make technologies decision. They can not get their head rapped around this problem. They think because the said it should be done it can be done and their is no negative side effects.
    I went to art school and I am not retarded.

    Hopefully, you aren't running the country!!
    No but I don't think he could do any worse than the moron we have now. 
    singularityMacPro
  • Reply 12 of 19
    eriamjh said:
    Why develop your own tools when someone else does it for free?
    That is what Samsung has said all along  ;)
    Hey! That's too true to be funny. I still think it's funny…
  • Reply 13 of 19
    StrangeDaysStrangeDays Posts: 13,055member
    maestro64 said:
    zimmie said:
    Obvious. Forensic investigators, spyware creators, jailbreakers and more have the same goal: total, unrestricted access to the system. Of course they're going to use the same methods. And if a given jailbreak is open-source, of course they're going to use that source code.

    As the article says, this is the perfect example of why, even if a "secure golden key" were possible to create (which it isn't), it would be profoundly irresponsible to do so.
    This is why we can not allow a bunch of people to went to liberal arts schools who run this country to make technologies decision. They can not get their head rapped around this problem. They think because the said it should be done it can be done and their is no negative side effects.
    Sorry but you're full of nonsense. I'm a liberal arts school grad and a software engineer. Stop trying to trash things you don't understand and let it be about the only thing that matters -- policy. 
    singularity
  • Reply 14 of 19
    StrangeDaysStrangeDays Posts: 13,055member
    The fact that they use jailbreaker tools should illuminate why Apple works to close jailbreaker loopholes, despite the decry from online critics when they do so. Fixing vulnerabilities matters. 
    rkmalve
  • Reply 15 of 19
    MacProMacPro Posts: 19,822member
    viclauyyc said:
    maestro64 said:
    zimmie said:
    Obvious. Forensic investigators, spyware creators, jailbreakers and more have the same goal: total, unrestricted access to the system. Of course they're going to use the same methods. And if a given jailbreak is open-source, of course they're going to use that source code.

    As the article says, this is the perfect example of why, even if a "secure golden key" were possible to create (which it isn't), it would be profoundly irresponsible to do so.
    This is why we can not allow a bunch of people to went to liberal arts schools who run this country to make technologies decision. They can not get their head rapped around this problem. They think because the said it should be done it can be done and their is no negative side effects.
    I went to art school and I am not retarded.

    Hopefully, you aren't running the country!!
    No one is!
  • Reply 16 of 19
    foggyhillfoggyhill Posts: 4,767member
    maestro64 said:
    zimmie said:
    Obvious. Forensic investigators, spyware creators, jailbreakers and more have the same goal: total, unrestricted access to the system. Of course they're going to use the same methods. And if a given jailbreak is open-source, of course they're going to use that source code.

    As the article says, this is the perfect example of why, even if a "secure golden key" were possible to create (which it isn't), it would be profoundly irresponsible to do so.
    This is why we can not allow a bunch of people to went to liberal arts schools who run this country to make technologies decision. They can not get their head rapped around this problem. They think because the said it should be done it can be done and their is no negative side effects.
    Sorry but you're full of nonsense. I'm a liberal arts school grad and a software engineer. Stop trying to trash things you don't understand and let it be about the only thing that matters -- policy. 
    A professional engineer? How is it even possible going from a liberal arts school grad, even if it was in high school. Around here, if you go to a liberal arts school, you wouldn't have the requisite courses to be admitted to a school with a 4 year engineering degree; I'm a graduate of Ecole polytechnique (Montreal) in computer engineering myself and when I tried to go to MIT after undergrad it was hell to get equivalences right (I'm from Canada).
    edited February 2017
  • Reply 17 of 19
    MacPro said:
    viclauyyc said:
    maestro64 said:
    zimmie said:
    Obvious. Forensic investigators, spyware creators, jailbreakers and more have the same goal: total, unrestricted access to the system. Of course they're going to use the same methods. And if a given jailbreak is open-source, of course they're going to use that source code.

    As the article says, this is the perfect example of why, even if a "secure golden key" were possible to create (which it isn't), it would be profoundly irresponsible to do so.
    This is why we can not allow a bunch of people to went to liberal arts schools who run this country to make technologies decision. They can not get their head rapped around this problem. They think because the said it should be done it can be done and their is no negative side effects.
    I went to art school and I am not retarded.

    Hopefully, you aren't running the country!!
    No one is!
    JFYI - somebody is running the country, maybe not the ones people voted for, but the arms export is still an important factor in US economy. Send a drone or DRAW your own conclusion!
  • Reply 18 of 19
    maestro64maestro64 Posts: 5,043member
    maestro64 said:
    zimmie said:
    Obvious. Forensic investigators, spyware creators, jailbreakers and more have the same goal: total, unrestricted access to the system. Of course they're going to use the same methods. And if a given jailbreak is open-source, of course they're going to use that source code.

    As the article says, this is the perfect example of why, even if a "secure golden key" were possible to create (which it isn't), it would be profoundly irresponsible to do so.
    This is why we can not allow a bunch of people to went to liberal arts schools who run this country to make technologies decision. They can not get their head rapped around this problem. They think because the said it should be done it can be done and their is no negative side effects.
    Sorry but you're full of nonsense. I'm a liberal arts school grad and a software engineer. Stop trying to trash things you don't understand and let it be about the only thing that matters -- policy. 


    I follow up on froogyhill said. As a electrical engineer who went to one of the top engineering schools and work in the computer and telecommunication industry for many years as professional engineer and work for some of the top tech company along with startup companies, before going back and getting my Business degree from the top business school, I think I am more than qualified to know what is going on with Tech and how the people trying to run this country can not understand the complexity of technology and the downsides of their short sited decisions. Even people in tech can not see the obvious road a decision is heading down, and people who do not understand tech are far worse at seeing where things are heading. If they do understand they claim ignorance since knowing does not get them what they want.

    And you're not a software engineer, you're are programmer, there is a huge different, lots of people can write code but do not understand the math and science behind compute systems. I know people from non science based educations who are web developers and "write code" but that does not make them a software engineer. I tell you what I use to tell programmers, sure you can write code, so can I, but I also can design and build the hardware that your code runs on but that does not make me a software engineer.

  • Reply 19 of 19
    rkmalverkmalve Posts: 1member
    Cellebrite is making the capital of cracking iPhone for FBI in a way to push their sales hard.
    WIth above article,it is evidently clear that Cellebrite used regular technique to decrypt it.
    I think ,there should be another entity in the mobile forensics market,which can provide nice solutions at acost effective price.
    Cellebrite has monopoly over this market and nowadays mobiles possess huge evidential importance.
    Programmers,Tech Gurus,Hackers,Infosec experts should come together to create a competition for Cellebrite.
    Friends,What do you think about?
    Also Kindly provide other working links coz existing links Backdoorz provided on Pastebin are not working.
    Thanks in advance.
    edited May 2017
Sign In or Register to comment.