February 3, 2017
We may finally have the answer to one of the big mysteries of 2016 – how did Cellebrite manage to help the FBI break into the San Bernardino shooter’s iPhone. The answer seems to be repurposing other existing cracking tools used to jailbreak iPhones.
One hacker broke into Cellebrite’s servers last month, stealing 900 GB of data. Now, that same hacker is dumping the iOS cracking tools stolen from the company, Motherboard reports.
The publicly released files relate to Android and BlackBerry devices, but also older iPhone models. Some of the data seems to have been copied from cracking tools that can be found with a little online digging.
The hacker behind the attack wants to make a point as the United States heads towards a more authoritarian society with Trump at the wheel. Considering that his appointees in important positions would really like for the authorities to have backdoors in encryption tools so they can snoop to their hearts desires, the hacker’s position doesn’t seem so strange.
“The debate around backdoors is not going to go away; rather it is almost certainly going to get more intense as we lurch toward a more authoritarian society. It’s important to demonstrate that when you create these tools, they will make it out. History should make that clear,” the hacker said.
The data dump
The data that the hacker dumped comes from a remote Cellebrite server, extracted from UFED images. The information had been encrypted, but the hackers managed to break down the security layers. According to the ReadMe file that accompanies the data dump, the fully functioning Python script set to utilize the exploits, ripped and decrypted, is included in the package for which links had been shared over Pastebin.
So what’s in the pile? Well, some of the iOS files are pretty much identical to tools used to jailbreak Apple’s phones. Some of the code in the data dump had been designed to expose PIN numbers, which isn’t something that’s normally included in jailbreak solutions. This seems to come from an effort to turn the available solutions into forensic tools. By ripping software from jailbreak solutions, however, isn’t exactly forensically perfect.
Cellebrite denies allegations, saying that the stolen data is just research they collected regarding new forensic methods. This includes research tools and any publicly documented issues, including the very popular jailbreaks. They claim, however, that its forensic tools don’t alter data on the device.