Cellebrite digital forensics tools leaked online by a reseller

The firmware used by the Israeli mobile forensic firm Cellebrite was leaked online by one of its resellers, McSira Professional Solutions.

Do you know Cellebrite? It is an Israeli firm that designs digital forensics tools that are used by law enforcement and intelligence agencies to examine mobile devices in investigations.

It became famous when the dispute between Apple and the FBI on the San Bernardino shooter’s iPhone monopolized the headlines.

In April, FBI director James Comey confirmed the agency used a tool bought from a private source to access the iPhone because Apple refused to help the DoJ crack the San Bernardino terrorist's iPhone. Experts speculated that the company is the Israeli mobile forensic firm Cellebrite.

Now the same company is the victim of an embarrassing incident. The Cellebrite hacking firmware was leaked online by one of its resellers, McSira Professional Solutions.

McSira shared links to download the latest firmware and software versions for its customers. Of course, the curious, hackers, competitors, and security researchers accepted the gift.

The reseller hosts software for various versions of Cellebrite’s Universal Forensic Extraction Device (UFED), which is one of the core products of Cellebrite used to bypass the security mechanisms of mobile devices, such as iPhones. The tool could be used to access the mobile device and extract all the sensitive data it includes.

McSira is allowing anyone to download the firmware for the UFED Touch and UFED 4PC (PC version) and copies of UFED packages that could be used to hack into different mobile phone devices, including Apple, Samsung, Blackberry, Nokia, and LG models.

The reseller is also distributing copies of UFED Phone Detective, UFED Cloud Analyzer, and Link Analyzer, which are used by law enforcement to investigate data on seized devices.

Of course, security experts and mobile forensics investigators have already started examining the leaked software to understand the techniques implemented by Cellebrite for its hacking tools.

Mike Reilly, a representative with Cellebrite, told Motherboard that the McSira website’s links “don’t allow access to any of the solutions without a license key.” Hackers need a key in order to use the software, but it is likely that soon someone will be able to obtain it by analyzing the leaked applications.

Let’s wait for an official comment from McSira and Cellebrite.

Pierluigi Paganini

(Security Affairs – Cellebrite, Data leakage)
