For those unfamiliar, Cellebrite is an Israeli company, which specializes in extracting data from mobile phones for law enforcement agencies. The firm’s main product is called the Universal Forensic Extraction Device (UFED) – a tool designed to extract smartphone data, which is being used extensively by the U.S. and UK police. Reportedly, in January this year, the same Israeli firm suffered a major data breach wherein 900GB worth of data was stolen. However, now the person claiming responsibility has publicly released a cache of Cellebrite’s most sensitive data on Pastebin, including its tools used to hack into older iPhones, as well as Android and BlackBerry smartphones, according to Motherboard. The individual claimed to have extracted the data from UFED images, bypassing Cellebrite’s encryption. The intention behind the leak was to highlight the importance of the inevitability that any brute force tools aimed at bypassing encryption software “will make it out” into the public. “The debate around backdoors is not going to go away, rather, it’s almost certainly going to get more intense as we lurch toward a more authoritarian society,” the hacker told Motherboard in an online chat. “It’s important to demonstrate that when you create these tools, they will make it out. History should make that clear,” they continued. However, a Cellebrite spokesperson claimed that no source code was stolen in the attack. Tony Gauda, CEO of data security firm ThinAir, argued that the Cellebrite breach is a “privacy advocate’s nightmare come true.” “While the legitimacy of the files leaked today hasn’t been confirmed, this incident is a clear example of why backdoors are seen as a double-edged sword by members of the technology community,” he added. “Software exploits that allow law enforcement to exfiltrate data during criminal investigations become extremely dangerous when in the wrong hands, and firms such as Cellebrite must acknowledge the huge target they have on their backs.”
