Yes, yous heard that right. Cellebrite's nigh sensitive in-house capabilities convey been made populace past times 1 of its products' resellers, who is similar a shot distributing copies of Cellebrite's firmware as well as software for anyone to download.
The apparent reseller is McSira Professional Solutions, which hosts software for diverse versions of Cellebrite's Universal Forensic Extraction Device (UFED).
UFED is 1 of the company's primal products that assist investigators bypass the safety mechanisms of mobile phones, specially iPhones, as well as extract all information as well as passwords from them.
For the Cellebrite's paw on iOS devices, yous tin sentinel the 2015 YouTube video (below), which demonstrates 1 of the company's products that unlocked the iPhone device inward few hours.
Download Links to Cellebrite's Key Forensic Product
McSira is allowing anyone to download the firmware for the UFED Touch as well as UFED 4PC (PC version). The fellowship is also hosting copies of UFED packages for dissimilar mobile telephone brands, including Apple, Samsung, Blackberry, Nokia, as well as LG.
Besides this, McSira is also hosting copies of Cellebrite forensic software, such every bit the UFED Phone Detective, UFED Cloud Analyzer as well as Link Analyzer, which allows investigators to analyze seized information further.
McSira is probable offering these download links for firmware as well as software files as well as then that its customers – which, according to its site, are "police, armed forces as well as safety agencies inward the E.U. as well as other parts of the world" – tin conveniently update their hardware to the latest version.
However, the fellowship opened doors for researchers, hackers, as well as its competitors to download these leaked files, reverse-engineer them, as well as figure out how Cellebrite's tools pause into mobile phones.
Researcher Started Examining leaked Software as well as Firmware
According to Joseph Cox, freelance safety journalist for Motherboard, an unnamed researcher has already started examining the leaked files to reveal the sort of exploits Cellebrite uses to bypass fifty-fifty potent safety mechanisms on mobile phones, every bit good every bit weaknesses inward the implementation of affected phones that could hold upward fixed.
Another researcher Pedro Vilaça from SentinelOne said he already cracked about of the Cellebrite software as well as ran it against an former iPad, though he said he needed to explore the leaked files to a greater extent than to empathise the capability of those software better.
"Doesn't look to hold upward trying to exploit things but only information extraction," Vilaça told Motherboard. "For example, I'd to yoke my device alongside iTunes for the logical extraction characteristic to work."
Mike Reilly, a PR trace of piece of occupation solid representative that industrial plant alongside Cellebrite, said the McSira website's links "don't permit access to whatsoever of the solutions without a license key," pregnant that downloaders ask a primal (code) given past times Cellebrite or its reseller to run those software.
At the fourth dimension of writing, McSira is hosting these files, but it is non clear how long the files volition hold upward hosted on its website.
McSira as well as Cellebrite convey all the same to comment on the matter.
