Hacker Leaks Cellebrite's iOS Bypassing Tools, Tells FBI 'Be Careful What You Wish For'

It's been nearly a year since a U.S. federal judge originally ordered Apple to help the FBI hack into an iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino. As we learned in the months after the initial court order -- which Apple continually opposed -- the FBI enlisted the help of Israeli mobile software developer Cellebrite to open up the iPhone 5c in question.

Now a hacker has reportedly stolen and publicly released a cache of Cellebrite's most sensitive data, including its tools used to hack into older iPhones, as well as Android and BlackBerry smartphones (via Motherboard). Techniques that the firm uses to open "newer iPhones" were not included in the public posting, but it's also not clear exactly which models of iPhone are considered "older." Farook's iPhone 5c, which launched in 2013, is likely in that category.


Apple's main stance against the court order last year was its fear that creating such an operating system that bypassed the iPhone's basic security features -- essentially creating a "master key" for all iOS devices -- would set a "dangerous precedent" for the future of encryption and security. The bypass could also potentially make its way into the public and affect hundreds of millions of Apple customers, with Apple CEO Tim Cook claiming that the software the FBI wanted to use to force open Farook's iPhone was "the equivalent of cancer."

As pointed out by Motherboard, the newly leaked tools "demonstrate that those worries were justified." According to the hacker in question who shared Cellebrite's tools on Pastebin, the purpose behind the leak was to highlight the importance of the inevitability that any brute force tools aimed at bypassing encryption software "will make it out" into the public.
"The debate around backdoors is not going to go away, rather, its is almost certainly going to get more intense as we lurch toward a more authoritarian society," the hacker told Motherboard in an online chat.

"It's important to demonstrate that when you create these tools, they will make it out. History should make that clear," they continued.
Back in January the same hacker stole 900GB of sensitive Cellebrite data, but according to a Cellebrite spokesperson, only its customers' "basic contact information" had been put at risk. Delving into the cache of information, it was proven that the breach had uncovered much more detailed "customer information, databases, and a vast amount of technical data regarding Cellebrite's products."

In a README file posted alongside the more recent data dump on Pastebin, the hacker in question left a message directly addressing the FBI: "@FBI Be careful in what you wish for."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

(View all)
Avatar
36 months ago

Back doors are sooo safe....


This is what I keep saying to my wife.
Rating: 46 Votes
Avatar
36 months ago
So a company that has their main product being encryption hacking tools, didn't take encryption and data security serious enough to protect customer information.
Rating: 31 Votes
Avatar
36 months ago
Thank you, anonymous hacker. Sometimes reality needs to be brought to certain people and organizations. Cheers!
Rating: 21 Votes
Avatar
36 months ago
And the FBI keeps insisting that it's not a dangerous precedent.

They're funny people.
Rating: 21 Votes
Avatar
36 months ago
Back doors are sooo safe....
Rating: 20 Votes
Avatar
36 months ago
Thumbs up for the whitehat hacker, and essentially validating Apple's argument. Huge thumbs down for greedy basturds Cell-out-brite...
Rating: 17 Votes
Avatar
36 months ago
I suspect the current US administration to give the FBI and CIA what ever surveillance they want.
Rating: 17 Votes
Avatar
36 months ago
Frightening when you think about the hackers who DON'T announce that they've released the tools to the public. Thank goodness for Whitehats.
Rating: 17 Votes
Avatar
36 months ago

So a company that has their main product being encryption hacking tools, didn't take encryption and data security serious enough to protect customer information.

I don't think that's the case at all. I think this highlights that no matter what kind of security policies you have in place, given enough time if the target is important enough to someone it will be infiltrated.

Security is an ever evolving cat and mouse game, which just highlights how ******* stupid the FBI's proposals were. The "golden key" scenario where they promise they will make sure no one gets the key doesn't work. MICROSOFT of all examples, demonstrated the pitfalls of this scheme not too long ago:

https://arstechnica.com/security/2016/08/microsoft-secure-boot-firmware-snafu-leaks-golden-key/

If you have a master key, it WILL be compromised.
Rating: 13 Votes
Avatar
36 months ago
Good. Very good.
Rating: 8 Votes
[ Read All Comments ]