Hacking an iPhone is apparently a difficult task, but if you have $100, you can easily hack one. According to a report from Forbes, iPhone hacking tools that are meant for law enforcement authorities are available on eBay for as low as $100.
iPhone hacking tools
Some of the iPhone hacking tools available at the online site are from the Israeli data extraction company – Cellebrite. This Israeli company reportedly helped the FBI hack the iPhone belonging to one of the shooters involved in the San Bernardino incident.
Cellebrite reportedly gets millions from the U.S. authorities to break into Apple and Android phones. However, according to the Forbes report, some of the Cellebrite-branded tools can be bought on eBay from between $50 and $1,000 per unit. Such a price is a massive discount from the usual price of $6,000 for a brand new hacking tool.
Charlie Munger, Warren Buffett’s right-hand man today, is an accomplished investor in his own right. Just like Buffett, Munger had his own investment partnership (he was convinced to go into investing by Buffett, leaving behind a career in law) before coming to Berkshire Hathaway. However, unlike Buffett who followed a deep value investing strategy as Read More
A bigger problem, however, will be if such devices fall into the wrong hands. Since these iPhone hacking tools are easily available, anyone could get their hands on them. One reseller claimed to have ten such devices in stock with prices ranging from $50-$70.
Hacking tools, including Cellebrite’s UFED, are meant for law enforcement authorities only and not for consumers. But, police or other individuals with access to these devices are likely reselling them instead of returning them to Cellebrite.
These tools leaking data as well
What’s more, these unauthorized resellers are not even deleting the earlier data from these machines. That could result in a leak of sensitive data related to criminal cases and phones hacked. More concerning is the possibility that these machines could reveal iPhone vulnerabilities that Cellebrite hasn’t shared even with Apple.
If Apple is aware of such vulnerabilities, it will quickly plug all such loopholes. Apple did the same thing last year by patching a vulnerability that allowed GrayKey, another hacking tool, to get into the iPhones.
Cellebrite UFED classic exploits & functions – I got this gem at an auction – has SIM card cloning features (elite) pic.twitter.com/xmLCgVO7iG
— Hacker Fantastic (@hackerfantastic) February 11, 2019
Security researcher Matthew Hickey, who bought several of these Cellebrite UFED devices, found that the machines were carrying very sensitive data from the devices that had been hacked and the data extracted from it. Moreover, these iPhone hacking tools could also leak data about the messages and contacts.
Hickey said he found evidence that Cellebrite UFED devices were used to get into Samsung, LG, ZTE and Motorola devices. The security researcher himself was able to hack into iPhone and iPad models using the used machines.
Further, Hickey noted that the security on these Cellebrite UFED devices was “fairly poor.” He was able to find the admin account passwords for the devices easily. Also, cracking the devices’ license controls was simple.
After Hickey tweeted about his findings, Cellebrite reportedly started sending out letters to its clients asking them not to resell its devices. In the letter, the Israeli company says that it is their responsibility to ensure that its products are used for the clients for whom they are intended.
“As a reminder, selling or distributing any of your Cellebrite equipment to other organizations is not permitted without written approval from Cellebrite,” the company said. Further, in its letter, Cellebrite also notes that even the old models may have access to “private information.”
Apple vs. FBI
The U.S. authorities have long been complaining about Apple’s stance on privacy, which includes end-to-end messaging encryption and full-disk encryption of its devices. Such security measures make it almost impossible for law enforcement agencies to get into Apple devices.
Therefore many countries, including Australia, Canada, New Zealand, the U.K. and the U.S. via the “Five Eyes” intelligence network claim that “privacy is not an absolute” and are demanding legislation to bypass encryption.
Last week, Apple and other tech companies lodged a complaint against an Australian law which was passed in December. The law requires businesses to assist the government in accessing encrypted messages. Apple argues that such a law would weaken iOS encryption not just in Australia but also in countries are part of the “Five Eyes” network.
Recently, executive assistant director with the FBI, Amy Hess, told The Wall Street Journal that the “going dark” problem “infects law enforcement and the intelligence community more and more so every day.”
Hess, in 2016, testified in front of Congress following the clash between the FBI and Apple over the demand for a backdoor into the iPhone of one of the San Bernardino shooters. Apple, at the time, said that it can’t be forced to write new code and that doing so would weaken the iOS.