14 DAY TRIAL // Hacking tools that governments purchased in order to break into iPhones involved in criminal investigations are now available online for as low as $100.
Devices manufactured by Israeli-based Cellebrite and previously used by law enforcement in several countries can be purchased from online auction sites like eBay.
The price is typically a few hundred dollars, but it can vary between $100 and $1,000, according to a report from Forbes. Cellebrite sells a new version of the same hacking tool from $6,000.
As to how the iPhone unlocking units ended up online, very little is known, but it’s believed the boxes previously belonged to various law enforcement agencies who are now trying to resell them.
Private data left behind
Needless to say, Cellebrite can’t be anything but worried that its devices ended up online. The Israeli company warned that all devices must be decommissioned because otherwise, they could leak private data about the investigations they were used in, the devices that were unlocked, and other secret data.
“Selling or distributing any of your Cellebrite equipment to other organizations is not permitted without written approval from Cellebrite. Since it may be possible for these devices to access private information, we ask that you treat any Cellebrite equipment within your organization with the highest degree of security,” the Israeli company told customers in a mailed notification recently.
Matthew Hickey, a cybersecurity researcher and co-founder of training academy Hacker House, purchased several hacking boxes to analyze the data that might be left on second-hand units.
“You’d think a forensics device used by law enforcement would be wiped before resale. The sheer volume of these units appearing online is indicative that some may not be renewing Cellebrite and disposing of the units elsewhere,” he is quoted as saying by the cited source.
And as it turns out, selling such devices without wiping them discloses hacked devices information, IMEI codes, and possibly personal information, which the researcher says he didn’t explore. Wi-Fi passwords were also left behind.
Furthermore, it looks like the hacking tools were used to break into a wide variety of phones, including not only iPhones, but also models from Samsung, LG, ZTE, and Motorola.