Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Security The Internet Businesses Cellphones Communications Iphone Network Networking Privacy Software Technology Hardware

The Phone Hackers At Cellebrite Have Had Their Firmware Leaked Online ( 29

An anonymous reader quotes a report from Motherboard: Cellebrite, an Israeli company that specializes in digital forensics, has dominated the market in helping law enforcement access mobile phones. But one apparent reseller of the company's products is publicly distributing copies of Cellebrite firmware and software for anyone to download. Although Cellebrite keeps it most sensitive capabilities in-house, the leak may still give researchers, or competitors, a chance to figure out how Cellebrite breaks into and analyzes phones by reverse-engineering the files. The apparent reseller distributing the files is McSira Professional Solutions, which, according to its website, "is pleased to serve police, military and security agencies in the E.U. And [sic] in other parts of the world." McSira is hosting software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED), hardware that investigators can use to bypass the security mechanisms of phones, and then extract data from them. McSira allows anyone to download firmware for the UFED Touch, and a PC version called UFED 4PC. It is also hosting pieces of Cellebrite forensic software, such as the UFED Cloud Analyzer. This allows investigators to further scrutinize seized data. McSira is likely offering downloads so customers can update their hardware to the latest version with as little fuss as possible. But it may be possible for researchers to take those files, reverse-engineer them, and gain insight into how Cellebrite's tools work. That may include what sort of exploits Cellebrite uses to bypass the security mechanisms of mobile phones, and weaknesses in the implementation of consumer phones that could be fixed, according to one researcher who has started to examine the files, but was not authorised by his employer to speak to the press about this issue.
This discussion has been archived. No new comments can be posted.

The Phone Hackers At Cellebrite Have Had Their Firmware Leaked Online

Comments Filter:
  • Clickbait? (Score:4, Interesting)

    by 1080bogus ( 1015303 ) on Tuesday October 25, 2016 @05:02PM (#53149763)

    McSira isn't hosting the files as indicated in the story. They merely link to Cellebrite's CDN. Cellebrite is exposing their own firmware, not the reseller.

  • Hackers hacked by hackers using recursive hacking recursion.

  • I hope the manufacturers of the phone hardware being targeted download these firmware files, reverse engineer them and fix whatever exploits the firmware files are taking advantage of.

    The good thing about running a phone (the Nokia N900 Linux-based phone) so obscure even most geeks dont know a lot about it is that no-one is going to bother writing exploits or hacks for it.

Never worry about theory as long as the machinery does what it's supposed to do. -- R. A. Heinlein