Hacker Leaks Cellebrite's iOS Bypassing Tools, Tells FBI 'Be Careful What You Wish For'

MacRumors

macrumors bot
Original poster
Apr 12, 2001
7,437
8,501



It's been nearly a year since a U.S. federal judge originally ordered Apple to help the FBI hack into an iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino. As we learned in the months after the initial court order -- which Apple continually opposed -- the FBI enlisted the help of Israeli mobile software developer Cellebrite to open up the iPhone 5c in question.

Now a hacker has reportedly stolen and publicly released a cache of Cellebrite's most sensitive data, including its tools used to hack into older iPhones, as well as Android and BlackBerry smartphones (via Motherboard). Techniques that the firm uses to open "newer iPhones" were not included in the public posting, but it's also not clear exactly which models of iPhone are considered "older." Farook's iPhone 5c, which launched in 2013, is likely in that category.


Apple's main stance against the court order last year was its fear that creating such an operating system that bypassed the iPhone's basic security features -- essentially creating a "master key" for all iOS devices -- would set a "dangerous precedent" for the future of encryption and security. The bypass could also potentially make its way into the public and affect hundreds of millions of Apple customers, with Apple CEO Tim Cook claiming that the software the FBI wanted to use to force open Farook's iPhone was "the equivalent of cancer."

As pointed out by Motherboard, the newly leaked tools "demonstrate that those worries were justified." According to the hacker in question who shared Cellebrite's tools on Pastebin, the purpose behind the leak was to highlight the importance of the inevitability that any brute force tools aimed at bypassing encryption software "will make it out" into the public.

"The debate around backdoors is not going to go away, rather, it is almost certainly going to get more intense as we lurch toward a more authoritarian society," the hacker told Motherboard in an online chat.

"It's important to demonstrate that when you create these tools, they will make it out. History should make that clear," they continued.

Back in January the same hacker stole 900GB of sensitive Cellebrite data, but according to a Cellebrite spokesperson, only its customers' "basic contact information" had been put at risk. Delving into the cache of information, it was proven that the breach had uncovered much more detailed "customer information, databases, and a vast amount of technical data regarding Cellebrite's products."

In a README file posted alongside the more recent data dump on Pastebin, the hacker in question left a message directly addressing the FBI: "@FBI Be careful in what you wish for."

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

 


NT1440

macrumors G5
May 18, 2008
12,141
13,987
So a company that has their main product being encryption hacking tools, didn't take encryption and data security serious enough to protect customer information.
I don't think that's the case at all. I think this highlights that no matter what kind of security policies you have in place, given enough time if the target is important enough to someone it will be infiltrated.

Security is an ever evolving cat and mouse game, which just highlights how ******* stupid the FBI's proposals were. The "golden key" scenario where they promise they will make sure no one gets the key doesn't work. MICROSOFT of all examples, demonstrated the pitfalls of this scheme not too long ago:

https://arstechnica.com/security/2016/08/microsoft-secure-boot-firmware-snafu-leaks-golden-key/

If you have a master key, it WILL be compromised.
 

gnasher729

macrumors P6
Nov 25, 2005
16,504
3,099
So a company that has their main product being encryption hacking tools, didn't take encryption and data security serious enough to protect customer information.
That's the difference between them and the NSA. They are _only_ interested in cracking encryption. The NSA has both jobs at the same time, cracking decryption and protecting encryption, and they have clearly and repeatedly stated that they want no back doors. If anyone didn't understand why, they should now.
 

thisisnotmyname

macrumors 68000
Oct 22, 2014
1,966
4,245
known but velocity indeterminate
As predicted and warned. Personally I'm glad to be running latest hardware given this news but overall I'm conflicted as A) this hack and release has put certain devices at risk which is bad and B) it's proven the theoretical point many were making when voicing opposition to the FBI's desire for access which is important to blocking future attempts to do the same.
 

Septembersrain

Contributor
Dec 14, 2013
3,362
3,717
Texas
Aaaah, the 5C - the best looking iPhone they ever made, it deserved to have up to date hardware inside it :(
That is and was still my favorite iPhone. I was an Android fangirl. That blue 5c was the first iPhone that ever caught my attention. I still have it. I've got a jet black 7+ now and it has a similar feel to the 5c.

As for using the backdoors, what did the FBI expect? We teach militants how to fire guns, then give them weaponry and they turn on us. The FBI uses some third party, potentially with hackers on the inside, and expects zero consequences?