Cellebrite digital forensics tools leaked online by a reseller

Pierluigi Paganini October 26, 2016

The firmware used by the Israeli mobile forensic firm Cellebrite was leaked online by one of its resellers, the McSira Professional Solutions.

Do you know Cellebrite? It is an Israeli firm that designs digital forensics tools that are used by law enforcement and intelligence agencies to examine mobile devices in investigations.

It became famous when the dispute between Apple and the FBI on the San Bernardino shooter’s iPhone monopolized the headlines.

In April, the FBI director James Comey confirmed the agency used a tool bought from a private source to access the iPhone because Apple refused to help the DoJ in cracking into the San Bernardino terrorist iPhone. Experts speculated that the company is the Israeli mobile forensic firm Cellebrite.

Now the same company is the victim of an embarrassing incident. The Cellebrite hacking firmware was leaked online by one of its resellers, the McSira Professional Solutions.

McSira shared links to download the latest firmware and software versions for his customers. Of course, curious, hackers, competitors, and security researchers accepted the gift.

cellebrite-leaked-software

The reseller hosts software for various versions of Cellebrite’s Universal Forensic Extraction Device (UFED), which is one of the core products of Cellebrite used to bypass the security mechanisms of mobile devices, such as the iPhones. The tool could be used to access the mobile device and extract all sensitive data is includes.

McSira is allowing anyone to download the firmware for the UFED Touch and UFED 4PC (PC version) and copies of UFED packages that could be used to hack into different mobile phone devices, including Apple, Samsung, Blackberry, Nokia, and LG models.

The reseller is also distributing copies of UFED Phone Detective, the UFED Cloud Analyzer and Link Analyzer, that are used by law enforcement to investigate date on seized devices.

Of course, security experts and mobile forensics investigators have already started examining the leaked software to understand the techniques implemented by Cellebrite for its hacking tools.

Mike Reilly, a representative with Cellebrite, told Motherboard that the McSira website’s links “don’t allow access to any of the solutions without a license key.” Hackers need a key in order to use the software, but it is likely that soon someone will be able to obtain it by analyzing the leaked applications.

Let’s wait for an official comment from McSira and Cellebrite.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cellebrite, Data leakage)



you might also like

leave a comment