Cellebrite, the Feds’ favorite iPhone hacking tool, is selling on ebay for $100 – and it’s leaking data

“When eBay merchant Mr. Balaj was looking through a pile of hi-fi junk at an auction in the U.K., he came across an odd-looking device. Easily mistaken for a child’s tablet, it had the word ‘Cellebrite’ written on it,” Thomas Brewster reports for Forbes. “To Mr. Balaj, it appeared to be a worthless piece of electronic flotsam, so he left it in his garage to gather dust for eight months.”

“But recently he’s learned just what he had his hands on: a valuable, Israeli-made piece of technology called the Cellebrite UFED,” Brewster reports. “It’s used by police around the world to break open iPhones, Androids and other modern mobiles to extract data. The U.S. federal government, from the FBI to Immigration and Customs Enforcement, has been handing millions to Cellebrite to break into Apple and Google smartphones.”

“Mr. Balaj (Forbes agreed not to publish his first name at his request) and others on eBay are now acquiring and trading Cellebrite systems for between $100 and $1,000 a unit. Comparable, brand-new Cellebrite tools start at $6,000,” Brewster reports. “Cellebrite isn’t happy about those secondhand sales. On Tuesday, two sources from the forensics industry passed Forbes a letter from Cellebrite warning customers about reselling its hugely popular hacking devices because they could be used to access individuals’ private data. Rather than return the UFEDs to Cellebrite so they can be properly decommissioned, it appears police or other individuals who’ve acquired the machines are flogging them and failing to properly wipe them.”

Read more in the full article here.

MacDailyNews Take: More proof that “backdoors” intended only for the “good guys” quickly become backdoors for everyone.

Encryption is binary; it’s either on or off. You cannot have both. You either have privacy via full encryption or you don’t by forcing back doors upon Apple or anybody else. It’s all or nothing. — MacDailyNews, March 8, 2017

There have been people that suggest that we should have a back door. But the reality is if you put a backdoor in, that backdoor’s for everybody, for good guys and bad guys. — Apple CEO Tim Cook, December 2015

This is not about this phone. This is about the future. And so I do see it as a precedent that should not be done in this country or in any country. This is about civil liberties and is about people’s abilities to protect themselves. If we take encryption away… the only people that would be affected are the good people, not the bad people. Apple doesn’t own encryption. Encryption is readily available in every country in the world, as a matter of fact, the U.S. government sponsors and funds encryption in many cases. And so, if we limit it in some way, the people that we’ll hurt are the good people, not the bad people; they will find it anyway. — Apple CEO Tim Cook, February 2016

[UPDATE: 8:18pm ET: Fixed “Celebrate” to “Cellebrite” in the headline. Damn autocorrect!]

SEE ALSO:
FBI: End-to-end encryption like Apple’s ‘infects’ law enforcement – February 27, 2019
Apple, Google, Microsoft, and others denounce Australia’s ‘deeply flawed’ anti-encryption law – December 11, 2018
Backdoors: Australia passes laws allowing spies and police to snoop on encrypted communications – December 7, 2018
Apple to Australia: This is no time to weaken encryption; access only for ‘good guys’ is a false premise – October 13, 2018
Apple urges Australian government not to destroy encryption with ‘backdoors’ – October 12, 2018
Apple, other tech giants denounce proposed Australian law seeking encryption ‘backdoor’ – October 3, 2018
More proof that iPhone backdoors are a stupid idea: Massive cache of law enforcement personnel data leaks – July 2, 2018
Bipartisan ‘Secure Data Act’ would make it illegal for U.S. government to demand backdoors – May 11, 2018
Tim Cook’s refusal to create iPhone backdoor for FBI vindicated by ‘WannaCry’ ransomware attack on Windows PCs – May 15, 2017
The Microsoft Tax: Leaked NSA malware hijacks Windows PCs worldwide; Macintosh unaffected – May 13, 2017
Bungling Microsoft singlehandedly proves that ‘back doors’ are a stupid idea – August 10, 2016
U.S. Congressman Ted Lieu says strong encryption without backdoors is a ‘national security priority’ – April 29, 2016

3 Comments

  1. Looking at the headlines here we see Apple is yanking VoIP apps for security problems, the Thunderclap vulnerability of HW and Israeli hacking tech for sale on eBay.

    If you are not a little concerned maybe you should be.

    1. Nope, not worried at all, DavGreg. There will always be threats to security. But I don’t feel threatened by either of these issues, to be honest. The vast majority of the Mac hacks that are disclosed are not active threats in the real world. They tend to be more academic in nature, or require physical access to my Apple devices.

      I remain vigilant, but I am not worried. And I really don’t need you to tell me what to be worried about, given your forum history.

  2. How long will it be until the device is purchased on the grey market, autopsied, and used to create dark-market toys based on the technology? Oh, wait, probably already done! Again, backdoors are bad. Bad bad bad.

Add Your Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.