Want to hack an iPhone? Cellebrite hacking tools are available on eBay
iPhones are renown for their security -- to the point that even law enforcement agencies have trouble accessing their contents. An Israeli firm, Cellebrite, became well-known when it transpired that hacking tools it made were used by the US government to crack locked iPhones… and now its hacking tools are available to buy on eBay.
For as little as $100-$1000, you can get your hands on a second-hand piece of Cellebrite equipment (a fraction of its usual selling price). For just a few Benjamins, you could get a Cellebrite UFED (Universal Forensic Extraction Device) and use it for whatever you might fancy.
Brand new, an iPhone hacking device from Cellebrite will set you back several thousand dollars, so the prospect of grabbing one from the well-known auction site for a fraction of this will delight many people. As noted by Forbes, Cellebrite is not happy to find that its hardware is popping up for sale on eBay where it could fall into anyone's hands -- and understandably so.
It's not clear quite where these devices have come from, but bearing in mind the fact they are usually provided to police and government agencies, the number of sources are limited. Forbes reports:
Rather than return the UFEDs to Cellebrite so they can be properly decommissioned, it appears police or other individuals who've acquired the machines are flogging them and failing to properly wipe them. Cybersecurity researchers are now warning that valuable case data and powerful police hacking tools could have leaked as a result.
On Twitter, Hacker Fantastic shared video footage of a device in action:
Cellebrite UFED classic exploits & functions - I got this gem at an auction - has SIM card cloning features (elite) pic.twitter.com/xmLCgVO7iG
— Hacker Fantastic (@hackerfantastic) February 11, 2019
Cellebrite terms of sale do not permit anyone who buys equipment from the company to sell it on without permission. The firm asks that buyers who have finished with the hardware return it so it can be properly decommissioned. Without this step being taken, there is massive potential for abuse, as well as the chance that a secondhand device will already have private data extracted onto it -- such as name, IMEIs, chat logs and more.