It has been almost three years since the Israeli-based firm, Cellebrite, was in the news on a semi-routine basis. But now it’s back.
This time around it’s because it’s phone-hacking tool, what Cellebrite calls the Universal Forensic Extraction Device, is now up for sale on the website eBay. What is typically sold for as much as $15,000 to law enforcement agencies, including the Federal Bureau of Investigation (FBI), is going for as little as $100 on the auction site. It’s worth noting that the higher price tag for those agencies is usually attached to newer, state-of-the-art machines, while these are older models going for the cheaper price tag.
According to a report from Forbes, some of those law enforcement agencies have disposed of their Cellebrite machines. But it looks like some of them have made their way to the secondary market. The issue here is that some of those machines are “leaking” data. Cybersecurity researcher Matthew Hickey got his hands on several different UFEDs and discovered a treasure trove of information, including unique identification device numbers, or IMEIs. Hickey was also able to learn when devices were accessed on the machines, and the type of data retrieved from the devices.
Hickey did suggest he could discover even more, including messages, contacts, and photos. However, he did not go into any detail in this regard.
The law enforcement agencies are apparently ditching the older UFED models because they can’t be used to crack newer smartphones and other devices. Indeed, Hickey was able to use at least one of the machines he obtained on eBay to bust through older iPhone and iPod models. Cellebrite made the news cycle years ago because it touted its machine’s ability to break through Apple-implemented security measures in iOS 11.
At the time, Cellebrite was believed to be tapped by the FBI to help access an iPhone 5c associated with a mass murderer in the United States. However, it was later reported that Cellebrite was not used at all, but the FBI took help from “professional hackers” instead to get what they wanted out of that specific iPhone model.
It appears that Cellebrite is at least asking its customers to destroy the UFED models when they are no longer being used. It’s likely that Cellebrite does not approve of the fact these older models are finding their way to the secondary market. Especially with so much data readily available on them.