Hacker Leaks Cellebrite's iOS Bypassing Tools, Tells FBI 'Be Careful What You Wish For'

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Feb 3, 2017.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    It's been nearly a year since a U.S. federal judge originally ordered Apple to help the FBI hack into an iPhone owned by Syed Farook, one of the shooters in the December 2015 attacks in San Bernardino. As we learned in the months after the initial court order -- which Apple continually opposed -- the FBI enlisted the help of Israeli mobile software developer Cellebrite to open up the iPhone 5c in question.

    Now a hacker has reportedly stolen and publicly released a cache of Cellebrite's most sensitive data, including its tools used to hack into older iPhones, as well as Android and BlackBerry smartphones (via Motherboard). Techniques that the firm uses to open "newer iPhones" were not included in the public posting, but it's also not clear exactly which models of iPhone are considered "older." Farook's iPhone 5c, which launched in 2013, is likely in that category.

    [​IMG]

    Apple's main stance against the court order last year was its fear that creating such an operating system that bypassed the iPhone's basic security features -- essentially creating a "master key" for all iOS devices -- would set a "dangerous precedent" for the future of encryption and security. The bypass could also potentially make its way into the public and affect hundreds of millions of Apple customers, with Apple CEO Tim Cook claiming that the software the FBI wanted to use to force open Farook's iPhone was "the equivalent of cancer."

    As pointed out by Motherboard, the newly leaked tools "demonstrate that those worries were justified." According to the hacker in question who shared Cellebrite's tools on Pastebin, the purpose behind the leak was to highlight the importance of the inevitability that any brute force tools aimed at bypassing encryption software "will make it out" into the public.
    Back in January the same hacker stole 900GB of sensitive Cellebrite data, but according to a Cellebrite spokesperson, only its customers' "basic contact information" had been put at risk. Delving into the cache of information, it was proven that the breach had uncovered much more detailed "customer information, databases, and a vast amount of technical data regarding Cellebrite's products."

    In a README file posted alongside the more recent data dump on Pastebin, the hacker in question left a message directly addressing the FBI: "@FBI Be careful in what you wish for."

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: Hacker Leaks Cellebrite's iOS Bypassing Tools, Tells FBI 'Be Careful What You Wish For'
     
  2. Crosscreek macrumors 68030

    Crosscreek

    Joined:
    Nov 19, 2013
    Location:
    Margarittaville
    #2
    I suspect the current US administration to give the FBI and CIA what ever surveillance they want.
     
  3. mcdspncr macrumors regular

    mcdspncr

    Joined:
    Jul 2, 2011
  4. Paul Dawkins Suspended

    Paul Dawkins

    Joined:
    Dec 15, 2016
    Location:
    Stonehenge
  5. naeS1Sean macrumors 6502a

    naeS1Sean

    Joined:
    Oct 14, 2011
    Location:
    Scranton, PA
  6. skinned66 macrumors 65816

    skinned66

    Joined:
    Feb 11, 2011
    Location:
    Ottawa, Canada
  7. PracticalMac macrumors 68030

    PracticalMac

    Joined:
    Jan 22, 2009
    Location:
    Houston, TX
  8. Goatllama macrumors 6502a

    Goatllama

    Joined:
    Jun 24, 2015
    Location:
    Mountaintop Lair
    #8
    Frightening when you think about the hackers who DON'T announce that they've released the tools to the public. Thank goodness for Whitehats.
     
  9. Bigsk8r macrumors 6502

    Bigsk8r

    Joined:
    Nov 28, 2011
    Location:
    Austin, Texas
    #9
    Thank you, anonymous hacker. Sometimes reality needs to be brought to certain people and organizations. Cheers!
     
  10. soupcan macrumors 6502a

    soupcan

    Joined:
    Nov 21, 2014
    Location:
    Netherlands
    #10
    And the FBI keeps insisting that it's not a dangerous precedent.

    They're funny people.
     
  11. decimortis macrumors 6502a

    decimortis

    Joined:
    Aug 28, 2007
    Location:
    Toronto
    #11
    This is what I keep saying to my wife.
     
  12. DrewDaHilp1 macrumors 6502a

    DrewDaHilp1

    Joined:
    Mar 29, 2009
    Location:
    All Your Memes Are Belong to US
    #12
    So a company that has their main product being encryption hacking tools, didn't take encryption and data security serious enough to protect customer information.
     
  13. newyorkone macrumors 6502

    newyorkone

    Joined:
    Jun 10, 2009
    #13
    Thumbs up for the whitehat hacker, and essentially validating Apple's argument. Huge thumbs down for greedy basturds Cell-out-brite...
     
  14. NT1440 macrumors G4

    NT1440

    Joined:
    May 18, 2008
    Location:
    Hartford, CT
    #14
    I don't think that's the case at all. I think this highlights that no matter what kind of security policies you have in place, given enough time if the target is important enough to someone it will be infiltrated.

    Security is an ever evolving cat and mouse game, which just highlights how ******* stupid the FBI's proposals were. The "golden key" scenario where they promise they will make sure no one gets the key doesn't work. MICROSOFT of all examples, demonstrated the pitfalls of this scheme not too long ago:

    https://arstechnica.com/security/2016/08/microsoft-secure-boot-firmware-snafu-leaks-golden-key/

    If you have a master key, it WILL be compromised.
     
  15. 2010mini macrumors 68040

    Joined:
    Jun 19, 2013
  16. H2SO4 macrumors 68040

    Joined:
    Nov 4, 2008
    #16
    ……..or tinfoil ones.
     
  17. mazz0 macrumors 65816

    mazz0

    Joined:
    Mar 23, 2011
    Location:
    Leeds, UK
    #17
    Aaaah, the 5C - the best looking iPhone they ever made, it deserved to have up to date hardware inside it :(
     
  18. dontwalkhand macrumors 601

    dontwalkhand

    Joined:
    Jul 5, 2007
    Location:
    Phoenix, AZ
    #18
    iPhone SE
     
  19. robeddie macrumors 68000

    robeddie

    Joined:
    Jul 21, 2003
    Location:
    Atlanta
    #19
    I knew there was a joke to be had there ... and you nailed it!
     
  20. gnasher729 macrumors P6

    gnasher729

    Joined:
    Nov 25, 2005
    #20
    That's the difference between them and the NSA. They are _only_ interested in cracking encryption. The NSA has both jobs at the same time, cracking decryption and protecting encryption, and they have clearly and repeatedly stated that they want no back doors. If anyone didn't understand why, they should now.
     
  21. thisisnotmyname macrumors 65816

    thisisnotmyname

    Joined:
    Oct 22, 2014
    Location:
    known but velocity indeterminate
    #21
    As predicted and warned. Personally I'm glad to be running latest hardware given this news but overall I'm conflicted as A) this hack and release has put certain devices at risk which is bad and B) it's proven the theoretical point many were making when voicing opposition to the FBI's desire for access which is important to blocking future attempts to do the same.
     
  22. Septembersrain Contributor

    Septembersrain

    Joined:
    Dec 14, 2013
    Location:
    Texas
    #22
    That is and was still my favorite iPhone. I was an Android fangirl. That blue 5c was the first iPhone that ever caught my attention. I still have it. I've got a jet black 7+ now and it has a similar feel to the 5c.

    As for using the backdoors, what did the FBI expect. We teach militants how to fire guns, then give them weaponry and they turn on us. The FBI uses some third party, potentially with hackers on the inside, and expect zero consequences?
     
  23. CPx macrumors 6502

    Joined:
    Sep 6, 2013
  24. LCPepper macrumors 6502

    LCPepper

    Joined:
    Aug 5, 2013
    Location:
    United Kingdom
    #24
    I suppose this kind of negates cellbrite's approach now though. It'll all get patched, cat and mouse style...
     
  25. dwaltwhit macrumors 6502

    dwaltwhit

    Joined:
    Oct 25, 2013
    Location:
    Tennessee
    #25
    Glob help us
     

Share This Page