When Apple refused to compromise iOS security last year and unlock the iPhone 5c belonging to the San Bernardino shooter, the FBI turned to an Israeli mobile forensics firm called Cellebrite to find a way in to the encrypted iPhone. Now Motherboard reports that a hacker has released files allegedly from Cellebrite that demonstrate how cracking tools can’t be kept private.
Motherboard says Cellebrite had 900GB of data stolen in last month which suggested the firm sold security cracking tools to countries including Russia, Turkey, and the UAE. The report adds that the hacker responsible is claiming to have released a cache of stolen files from Cellebrite related to cracking older iPhones.
While the report notes that Cellebrite’s phone cracking tools require physical access to the device, Motherboard‘s source says it was able to steal data from Cellebrite’s servers and break encryption used to protect the information.
“It’s important to demonstrate that when you create these tools, they will make it out. History should make that clear,” they continued.
While tools for cracking iPhones including the one used by the San Bernardino shooter were not leaked, the hacker’s effort does demonstrate that even security firms that specialize in breaking encryption can potentially be targeted as well.
That argument was largely what Apple presented last year when the FBI requested Apple create a special version of iOS that could be used as a workaround to access data on the encrypted iPhone 5c.
Apple’s position was that creating such an operating system would compromise the security of all customers if the tool was accessed by the wrong people.
While the data in question with this incident appears to be related to older iPhones, the best practice for customers should be to keep software up-to-date as iOS versions regularly improve security. As for the encryption debate, we’re likely to see it continue with episodes like this one hopefully informing the public.