The tool that the Federal Bureau of Investigation used to crack the iPhone owned by one of the San Bernardino terrorists last year has now been made public. This is according to a hacker who claimed to have released part of its code as a warning to the federal agency.
On The iPhone Crack
In the heat of the San Bernardino shooting investigation, the FBI asked Apple to decrypt the phone used by Syed Farook, one of the shooters who was eventually killed in a police shootout in 2015. Apple refused, and in the middle of the legal tussle, the FBI purportedly approached an Israeli security firm called Cellebrite to help in cracking the device. The agency reportedly paid $1 million and the iPhone was successfully unlocked.
Last month, however, Cellebrite announced that one of its servers had been hacked. No one took notice, except perhaps the FBI and a number of its customers who naturally have cause for concern.
"It is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system," Cellebrite said. "To date, the company is not aware of any specific increased risk to customers as a result of this incident; however, my.Cellebrite account holders are advised to change their passwords as a precaution."
That statement must have put everything to rest. That changed, however, after the hacker who claimed responsibility surfaced in an interview with Motherboard.
Why Publish The Backdoor Tool?
According to the hacker, the data he released on Pastebin, which is known in the developer community as an online code repository, included code linked to the Universal Forensic Extraction Device (UFED), which is believed to be the Cellebrite tool used by the FBI.
The hacker claimed that the release is meant to put the federal law enforcement agency on notice. He argued that the code's very creation will inevitably lead to its release and its use by anyone with technical knowledge. He noted that this includes oppressive regimes.
As of this writing, it is not yet clear whether the code is really the backdoor tool created for the FBI. It is worth noting, however, that while Cellebrite denied that the source code for the UFED had been stolen, it admitted that the file dump included the distribution package of its application.
There is also the fact that the data breach seemed to involve up to 900 GB of data. The tranche also revealed that the company is supplying phone cracking technologies to countries like Turkey, the United Arab Emirates, and Russia.