iPhone cracking firm Cellebrite has been hacked

13 Jan 2017

Cellebrite, which is used by law agencies to gather mobile forensics, has admitted its servers have been breached. Image: Rokas Tenys/Shutterstock

Cellebrite, the Israel-based company allegedly hired by the FBI to crack the iPhone’s encryption last year, has itself been hacked, the company admitted.

In an ironic twist, it emerged that hackers have stolen data from mobile forensics player Cellebrite.

Cellebrite is the Israel-based company that is understood to have enabled the FBI to extract data from the iPhone 5C at the heart of the investigation into the San Bernardino killings in the US.

The question of law authorities accessing encrypted devices prompted Apple to take a stand and sparked a furious privacy debate worldwide.

Cellebrite was founded in 1999 and is headquartered in Petah Tikva in Israel, specialising in mobile life cycle and mobile forensics.

The company boasts the ability to unlock iPhone devices running operating systems from iOS 8 and upwards. Its services are popular with US federal and state law enforcement as well as government forces in Russia, the United Arab Emirates and Turkey.

Phone cracker hacked

According to Motherboard, Cellebrite has been hit with an attack that has seen 900GB of data stolen.

Motherboard reports that the cache includes usernames and passwords for databases connected with the company’s MyCellebrite domain and may also include evidence files from seized mobile phones and logs from Cellebrite devices.

In a statement, Cellebrite said that it recently experienced unauthorised access to an external server and is conducting an investigation to determine the extent of the breach.

“The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products, and hashed passwords for users who have not yet migrated to the new system.

“To date, the company is not aware of any specific increased risk to customers as a result of this incident; however, MyCellebrite account holders are advised to change their passwords as a precaution.”

Cracked iPhone screen. Image: Rokas Tenys/Shutterstock

John Kennedy is a journalist who served as editor of Silicon Republic for 17 years

editorial@siliconrepublic.com