Last month, a hacker took 900GB of data from Cellebrite, an Israeli cyber-arms dealer that was revealed to be selling surveillance and hacking tools to Russia, the UAE, and Turkey.
Yesterday, that hacker dumped Cellebrite's arsenal of mobile cracking tools, including a suite of tools to attack Apple's Ios devices (Iphones and Ipads).
The dump reveals that Cellebrite seemingly repackages untested and unaudited jailbreaking tools as lawful interception products and sells them to repressive regimes. It also reveals that suppressing disclosure of security vulnerabilities in commonly used tools does not prevent those vulnerabilities from being independently discovered and weaponized — it just means that users, white-hat hackers and customers are kept in the dark about lurking vulnerabilities, even as they are exploited in the wild, which only end up coming to light when they are revealed by extraordinary incidents like this week's dump.
This is especially relevant this week, because the World Wide Web Consortium has revealed a plan to codify and exploit the legal powers its members will gain through its DRM standards to allow the biggest technology companies in the world to censor disclosure of factual reports of defects in web browsers.
As the Cellebrite dump reveals, this censorship won't keep users secure — it'll just keep them in the dark about how at-risk they really are.
Jonathan Zdziarski, a forensic scientist, agreed that some of the iOS files were nearly identical to tools created and used by the jailbreaking community, including patched versions of Apple's firmware designed to break security mechanisms on older iPhones. A number of the configuration files also reference "limera1n," the name of a piece of jailbreaking software created by infamous iPhone hacker Geohot. He said he wouldn't call the released files "exploits" however.
Zdziarski also said that other parts of the code were similar to a jailbreaking project called QuickPwn, but that the code had seemingly been adapted for forensic purposes. For example, some of the code in the dump was designed to brute force PIN numbers, which may be unusual for a normal jailbreaking piece of software.
"If, and it's a big if, they used this in UFED or other products, it would indicate they ripped off software verbatim from the jailbreak community and used forensically unsound and experimental software in their supposedly scientific and forensically validated products," Zdziarski continued.
Hacker Dumps iOS Cracking Tools Allegedly Stolen from Cellebrite