Hacker Steals 900 GB of Cellebrite Data (vice.com) 29
An anonymous reader shares a Motherboard report: Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies. Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone.
They don't necessarily. They only have to put their database server on a network that's connected to the internet, and lose control of something else on the network. That's why computers than handle classified information cannot be connected to a network that is capable, at the hardware level, of connecting to the internet. If the wiring's there, it's not secure.
Everyone thinks they're immune, even when they use crypto. Then people leave the certs laying around in someone's browser cache, and it's all plain text again.
Cellebrite was the company that "resolved" the issue for the FBI when they wanted access to a locked iPhone and Apple wouldn't help them by circumventing their own software.
So, enter Cellebrite and their cracking software to the rescue. The FBI then withdrew their request to Apple.
The whole thing was covered ad nauseam and, in my opinion, was largely a publicity stunt by Apple to showcase how secure their device is.
I think it was a political stunt to try to soft-ban encryption solutions, by overtly forcing a very prominent privacy oriented company into unlocking their own crypto by pushing in a backdoored update. The end result would be that any company that didn't have a backdoor ready to go for any device or OS that it touched would look like it was standing in opposition to law enforcement, and that this would be considered a legal risk, and therefore, no one would continue making encryption easier and/or more rel
This is a company who specializes in selling products whose purpose is to bypass built in protections in order to gain access to others data without permission.
Am curious how they feel when it happens to them.
They get the data and see the applications and attack vectors. Unless they provide software to counter this stuff there is nothing useful here.