Cellebrite iPhone hacking tools selling on eBay for as little as $100
Meant to be used only by law enforcement, Cellebrite hacking tools for iPhones and other smartphones are reportedly selling on eBay for sums as low as $100.
Image Credit: AFP/Getty Images
The most expensive the used hardware gets is $1,000, Forbes said on Thursday. Cellebrite sells new systems for $6,000 or higher.
The forensic data firm is sending letters to clients warning them against reselling its hacking tools, given the potential for illegally breaking into private data. Nominally the equipment is expected to be sent back to Cellebrite -- serious concerns have been raised given that people within or connected to police agencies are not only putting the tools in the hands of unknown persons, but potentially leaking case data if it hasn't been wiped.
One security researcher, Matthew Hickey, recently bought a dozen such units and discovered data on what devices were searched and when, and the forms of data that were extracted. That includes IMEI numbers, which could be used to track down an individual phone.
The devices could even contain chats and contact lists, Hickey said, though he chose not to explore that material.
Still more worrisome is the possibility that Cellebrite's tools could map out vulnerabilities it hasn't shared with Apple and other vendors. Apple tends to close exploits used by forensics firms as soon as it discovers them, since they could just as well be used illegally.
Cellebrite is famously believed to be the third party the FBI turned to crack the iPhone 5c of San Bernardino killer Syed Rizwan Farook. The FBI and Department of Justice had been insisting that they needed Apple to code a backdoor, but were met with active opposition by CEO Tim Cook and others, who argued that the company would have to fundamentally compromise the security of iOS -- precisely because backdoors could be leaked or shared by government agencies, or else discovered independently.
Various U.S. officials have complained that Apple's insistence on end-to-end messaging encryption and full-disk encryption for devices is causing its products to "go dark" to law enforcement and spy agencies. The battle has in fact gone global, with the "Five Eyes" intelligence network -- including Australia, Canada, New Zealand, the U.K. and the U.S. -- claiming that "privacy is not an absolute," and hoping for legislation that can bypass encryption, despite complaints from tech companies, privacy advocates, and the public.
Image Credit: AFP/Getty Images
The most expensive the used hardware gets is $1,000, Forbes said on Thursday. Cellebrite sells new systems for $6,000 or higher.
The forensic data firm is sending letters to clients warning them against reselling its hacking tools, given the potential for illegally breaking into private data. Nominally the equipment is expected to be sent back to Cellebrite -- serious concerns have been raised given that people within or connected to police agencies are not only putting the tools in the hands of unknown persons, but potentially leaking case data if it hasn't been wiped.
One security researcher, Matthew Hickey, recently bought a dozen such units and discovered data on what devices were searched and when, and the forms of data that were extracted. That includes IMEI numbers, which could be used to track down an individual phone.
The devices could even contain chats and contact lists, Hickey said, though he chose not to explore that material.
Still more worrisome is the possibility that Cellebrite's tools could map out vulnerabilities it hasn't shared with Apple and other vendors. Apple tends to close exploits used by forensics firms as soon as it discovers them, since they could just as well be used illegally.
Cellebrite is famously believed to be the third party the FBI turned to crack the iPhone 5c of San Bernardino killer Syed Rizwan Farook. The FBI and Department of Justice had been insisting that they needed Apple to code a backdoor, but were met with active opposition by CEO Tim Cook and others, who argued that the company would have to fundamentally compromise the security of iOS -- precisely because backdoors could be leaked or shared by government agencies, or else discovered independently.
Various U.S. officials have complained that Apple's insistence on end-to-end messaging encryption and full-disk encryption for devices is causing its products to "go dark" to law enforcement and spy agencies. The battle has in fact gone global, with the "Five Eyes" intelligence network -- including Australia, Canada, New Zealand, the U.K. and the U.S. -- claiming that "privacy is not an absolute," and hoping for legislation that can bypass encryption, despite complaints from tech companies, privacy advocates, and the public.
Comments
https://www.featuredcustomers.com/vendor/cellebrite/customers
These devices and hacks are extremely dangerous for citizens and governments alike as then no information is safe.
Do we know if they even work on a device with iOS 12? that may be why the dump - Apple updated iOS and they're suddenly useless.
Which is exactly what happened to RIM's master key for their messaging platform.
The bad guys can reverse engineer the tools used by law enforcement. Or, just steal the tool and sell it...
But on my Apple Watch, if I have a 4 digit passcode it shows (or used to anyway) 4 dots (or something similar). But changing that to a 6 digit passcode is more akin to the alphanumeric passcode on the iPhone, it just shows a blank area that expands the more you tap in the code, there is no indication as to how long the code is.
It would be nice if even a 4 digit passcode was made slightly more obscure for if your phone is ever lost/stolen/confiscated.
Government can never be trusted if allone because of utter stupidity.
I’m quite certain you did not see one of these devices being used for that purpose.