When Apple refused to compromise iOS security last year and unlock the iPhone 5c belonging to the San Bernardino shooter, the FBI turned to an Israeli mobile forensics firm called Cellebrite to find a way in to the encrypted iPhone. Now Motherboard reports that a hacker has released files allegedly from Cellebrite that demonstrate how cracking tools can’t be kept private.
The hacker claimed to have taken the newly released data from a remote Cellebrite server, and said they had extracted them from UFED images. They told Motherboard that the files were encrypted, likely in an attempt to protect Cellebrite’s intellectual property, but that they managed to bypass the protections.
Motherboard says Cellebrite had 900GB of data stolen in last month which suggested the firm sold security cracking tools to countries including Russia, Turkey, and the UAE. The report adds that the hacker responsible is claiming to have released a cache of stolen files from Cellebrite related to cracking older iPhones.
Now the hacker responsible has publicly released a cache of files allegedly stolen from Cellebrite relating to Android and BlackBerry devices, and older iPhones, some of which may have been copied from publicly available phone cracking tools. […]
“It’s important to demonstrate that when you create these tools, they will make it out. History should make that clear,” they continued.
While the report notes that Cellebrite’s phone cracking tools require physical access to the device, Motherboard‘s source says it was able to steal data from Cellebrite’s servers and break encryption used to protect the information.
In their README, the hacker notes much of the iOS-related code is very similar to that used in the jailbreaking scene—a community of iPhone hackers that typically breaks into iOS devices and release its code publicly for free.
While tools for cracking iPhones including the one used by the San Bernardino shooter were not leaked, the hacker’s effort does demonstrate that even security firms that specialize in breaking encryption can potentially be targeted as well.
That argument was largely what Apple presented last year when the FBI requested Apple create a special version of iOS that could be used as a workaround to access data on the encrypted iPhone 5c.
Apple’s position was that creating such an operating system would compromise the security of all customers if the tool was accessed by the wrong people.
While the data in question with this incident appears to be related to older iPhones, the best practice for customers should be to keep software up-to-date as iOS versions regularly improve security. As for the encryption debate, we’re likely to see it continue with episodes like this one hopefully informing the public.