Hacker leaked tools stolen from mobile forensics company Cellebrite

Pierluigi Paganini February 04, 2017

The hacker that breached the systems of the mobile forensics company Cellebrite leaked online some tools and announced further releases.

In January the Israeli mobile phone data extraction company Cellebrite was hacked, the company went in the headlines in the dispute between Apple and the FBI in the case of the San Bernardino shooter’s iPhone.

The main product of the company is the Universal Forensic Extraction Device (UFED), an equipment that can rip data (i.e. SMS messages, emails, call logs) from a huge number of different models of mobile phones.


The experts are still investigating the case, meantime Cellebrite has confirmed the security breach. The company confirmed that someone accessed its systems stealing roughly 900 Gb of data, a huge quantity of data mainly composed of log data from its end-user licensing system my.Cellebrite and other sensitive data. The archive includes also 350 Gb of offline world map backups, but attackers did not access “full passwords” or payment information.  have not been obtained – although it has admitted that some password hashes have been stolen.

“Contrary to some erroneous reports, the attack did not impact any Cellebrite intellectual property related to the delivery of Cellebrite Forensic products and services, such as proprietary source code,” reads an announcement issued by the company.There is no increased risk to Cellebrite Forensic customers as a result of normal, ongoing use of Cellebrite UFED software and hardware, including routine software updates.”

According to the company, hackers accessed just some password hashes and information on closed technical support inquiries.

The hacker decided anyway to publish not only information contained in the archive, but also exploits for Android, iOS, and BlackBerry mobile devices.

According to Motherboard, the forensics expert Jonathan Zdziarski who analyzed the dump confiremed thay many of the exploits for iOS devices are widely available tools, for this reason he avoids to call them “exploits.”

The hacker promptly responded to Zdziarski via Pastebin, he confirmed that Apple tools are widely available, but also added that BlackBerry files are not publicly available.

“The more discerning eye will notice that some of the Apple exploits bear a remarkable resemblance to those available to any teenager interested in the jailbreaking scene perhaps not all those tax dollars have been wasted, the Blackberry epr is still worth a look at.” states the hacker.

“The files referenced here are part of the distribution package of our application and are available to our customers.  They do not include any source code.” wrote a spokesperson for Cellebrite in an email sent to Motherboard.  

“He added that the company monitors new research from academia and the information security community, including “newly published forensic methods, research tools and publicly documented issues, including “jailbreaks,” which enable platform research.”

The hacker plans to release a small sample of files retrieved via the weaponized Cellebrite update service deployed on MS Windows based devices and desktops (SYSTEM privs) within the customer infrastructure.

“Analysis of the compression and obfuscation employed by Cellebrite on products supplied to British MOD juxtaposed with the protection free versions supplied to SOCOM and others is also included within.” added the hacker.

The download links are:



[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cellebrite , data breach)

you might also like

leave a comment