If you cast your mind back to when Apple refused to unlock an iPhone 5c for the authorities following the San Bernardino incident last year, the company made the argument that if it created a tool for opening up an encrypted iPhone, then it would create the potential for that tool to then fall into the wrong hands and ultimately make iPhone encryption obsolete.
The FBI didn’t agree with this and went ahead and found someone else to do the hacking – Israeli firm Cellebrite.
In a turn of events that have more than a hint of irony to them, Cellebrite has now had their own servers hacked, with most parts of that iPhone hacking tool now leaked on the internet.
A report by Motherboard cites a source who hacked into a remote Cellebrite server and stole 900GB of data, including evidence that Cellebrite did work for countries such as Russia, Turkey, and the UAE. The treasure trove of data also includes a host of files relating to the hacking of iPhones, according to the publication.
Now the hacker responsible has publicly released a cache of files allegedly stolen from Cellebrite relating to Android and BlackBerry devices, and older iPhones, some of which may have been copied from publicly available phone cracking tools.
“It’s important to demonstrate that when you create these tools, they will make it out. History should make that clear,” they continued.
The last line of that quote is particularly pertinent, given Apple’s warning that something like this could happen when it refused to create such a tool last year, with CEO Tim Cook labeling it the software equivalent of cancer. Interestingly, once the data was looked into, much of it was similar to tools used in the jailbreaking community, suggesting there may be some creative re-use of hacks being used.
In their README, the hacker notes much of the iOS-related code is very similar to that used in the jailbreaking scene—a community of iPhone hackers that typically breaks into iOS devices and release its code publicly for free.
As with the iPhone in the San Bernardino case, much of the information found by the hacker relates to tools for hacking older iPhones, so those with newer devices may still be OK. Regardless, now would be an opportune time to remind everyone to encrypt their devices as well as device backups and data, as well as keep their software up to date. At this point, and especially with the world going the way it is right now, it just makes good sense.