
Cellebrite digital forensics tools leaked online by a reseller

The firmware used by the Israeli mobile forensic firm Cellebrite was leaked online by one of its resellers, McSira Professional Solutions.

Do you know Cellebrite? It is an Israeli firm that designs digital forensics tools that are used by law enforcement and intelligence agencies to examine mobile devices in investigations.

It became famous when the dispute between Apple and the FBI on the San Bernardino shooter’s iPhone monopolized the headlines.

In April, FBI Director James Comey confirmed the agency used a tool bought from a private source to access the iPhone because Apple refused to help the DoJ crack the San Bernardino terrorist's iPhone. Experts speculated that the company is the Israeli mobile forensic firm Cellebrite.

Now the same company is the victim of an embarrassing incident. The Cellebrite hacking firmware was leaked online by one of its resellers, McSira Professional Solutions.

McSira shared links to download the latest firmware and software versions for its customers. Of course, the curious, hackers, competitors, and security researchers accepted the gift.


The reseller hosts software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED), one of Cellebrite's core products, which is used to bypass the security mechanisms of mobile devices such as iPhones. The tool could be used to access a mobile device and extract all the sensitive data it includes.

McSira is allowing anyone to download the firmware for the UFED Touch and UFED 4PC (PC version) and copies of UFED packages that could be used to hack into different mobile phone devices, including Apple, Samsung, Blackberry, Nokia, and LG models.

The reseller is also distributing copies of UFED Phone Detective, the UFED Cloud Analyzer and Link Analyzer, which are used by law enforcement to investigate data on seized devices.

Of course, security experts and mobile forensics investigators have already started examining the leaked software to understand the techniques implemented by Cellebrite for its hacking tools.

Mike Reilly, a representative with Cellebrite, told Motherboard that the McSira website’s links “don’t allow access to any of the solutions without a license key.” Hackers need a key in order to use the software, but it is likely that soon someone will be able to obtain it by analyzing the leaked applications.

Let’s wait for an official comment from McSira and Cellebrite.


Pierluigi Paganini

(Security Affairs – Cellebrite, Data leakage)

