Cellebrite, the digital forensics company believed to have helped the FBI break the security of the San Bernardino shooter's iPhone, may have repurposed other existing cracking tools used for jailbreaking iPhones, according to a new cache of files allegedly sourced from the security firm.
The hacker behind the breach of Cellebrite's servers in January is the same person behind the publication of the new files, reports Motherboard. The cache is said to include files used to gain access to data stored on smartphones, including older iPhones and devices running on Android and from BlackBerry.
The Israeli firm is known for providing a product to law enforcement agencies called the Universal Forensic Extraction Device (UFED), a unit that can be connected to a smartphone and used to pull a variety of data from it, including text messages, emails, images, and other items. While the tool can bypass security measures in a large number of instances, its usage against iPhones are limited to models using earlier versions of iOS, and can be thwarted by strong encryption schemes.
The unidentified hacker claims the tools were extracted from UFED images found on the 900GB of data in last month's server breach, and was able to bypass encryption used on the files. In the files were a number of directories, named after different smartphone brands, with each folder containing various exploits the tool could employ and access via a Python script.
It is noted by the hacker that the iOS-related code found in the cache is similar to scripts created to jailbreak iPhones, and is publicly-viewable code. Forensic scientist Jonathan Zdziarski advised to the report the iOS files were nearly identical to jailbreaking tools, and included modified versions of Apple firmware altered to break security on older iPhones.
One of the highlighted modifications was to a tool called QuickPwn, where the original jailbreaking project was modified to brute force PINs to unlock a device. The alteration is likely to be for forensic purposes, as Zdziarski suggests such an addition would be unusual for a jailbreaking project to include.
If the released files were used by Cellebrite in the UEFD, Zdziarski suggests "it would indicate they ripped off software verbatim from the jailbreak community and used forensically unsound and experimental software in their supposedly scientific and forensically validated products."
In response, Cellebrite told Motherboard the files were part of a distribution package of the application that it provides to customers, and they "do not include any source code." The spokesperson also claims the company monitors research from the security community, including jailbreaks and new research tools, to "enable platform research."
The hacker's motive to publish the files seems to be an attempt to sway the ongoing debate over encryption, with government agencies wanting to weaken security to make it easier to extract potential evidence from mobile devices.
"The debate around backdoors is not going to go away, rather, it is almost certainly going to get more intense as we lurch toward a more authoritarian society," the hacker writes. "It's important to demonstrate that when you create these tools, they will make it out. History should make that clear."
19 Comments
Obvious. Forensic investigators, spyware creators, jailbreakers and more have the same goal: total, unrestricted access to the system. Of course they're going to use the same methods. And if a given jailbreak is open-source, of course they're going to use that source code.
As the article says, this is the perfect example of why, even if a "secure golden key" were possible to create (which it isn't), it would be profoundly irresponsible to do so.
The encouraging thing about this is that they still had to brute force it, they couldn't just crack the encryption.
And, yeah, it makes sense they'd use already available code. So would most people who were trying to crack a phone for nefarious purposes. If the code already exists, no point in trying to write it yourself from scratch.
Why develop your own tools when someone else does it for free?
This could help drive faster adoption of the latest iPhones...