U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Cellebrite digital forensics tools leaked online by a reseller

The firmware used by the Israeli mobile forensic firm Cellebrite was leaked online by one of its resellers, the McSira Professional Solutions. Do you know Cellebrite? It is an Israeli firm that designs digital forensics tools that are used by law enforcement and intelligence agencies to examine mobile devices in investigations. It became famous when […]

Cellebrite digital forensics tools leaked online by a reseller

The firmware used by the Israeli mobile forensic firm Cellebrite was leaked online by one of its resellers, the McSira Professional Solutions.

Do you know Cellebrite? It is an Israeli firm that designs digital forensics tools that are used by law enforcement and intelligence agencies to examine mobile devices in investigations.

It became famous when the dispute between Apple and the FBI on the San Bernardino shooter’s iPhone monopolized the headlines.

In April, the FBI director James Comey confirmed the agency used a tool bought from a private source to access the iPhone because Apple refused to help the DoJ in cracking into the San Bernardino terrorist iPhone. Experts speculated that the company is the Israeli mobile forensic firm Cellebrite.

Now the same company is the victim of an embarrassing incident. The Cellebrite hacking firmware was leaked online by one of its resellers, the McSira Professional Solutions.

McSira shared links to download the latest firmware and software versions for his customers. Of course, curious, hackers, competitors, and security researchers accepted the gift.

cellebrite-leaked-software

The reseller hosts software for various versions of Cellebrite’s Universal Forensic Extraction Device (UFED), which is one of the core products of Cellebrite used to bypass the security mechanisms of mobile devices, such as the iPhones. The tool could be used to access the mobile device and extract all sensitive data is includes.

McSira is allowing anyone to download the firmware for the UFED Touch and UFED 4PC (PC version) and copies of UFED packages that could be used to hack into different mobile phone devices, including Apple, Samsung, Blackberry, Nokia, and LG models.

The reseller is also distributing copies of UFED Phone Detective, the UFED Cloud Analyzer and Link Analyzer, that are used by law enforcement to investigate date on seized devices.

https://youtu.be/AUgmnYChT48

Of course, security experts and mobile forensics investigators have already started examining the leaked software to understand the techniques implemented by Cellebrite for its hacking tools.

Mike Reilly, a representative with Cellebrite, told Motherboard that the McSira website’s links “don’t allow access to any of the solutions without a license key.” Hackers need a key in order to use the software, but it is likely that soon someone will be able to obtain it by analyzing the leaked applications.

Let’s wait for an official comment from McSira and Cellebrite.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Cellebrite, Data leakage)