Apple’s hard stance on encryption and its refusal, as well as inability, to simply hand over keys to US authorities have created a profitable niche market for forensic tools like those made by Israel-based Cellebrite. The company became famous for its iPhone hacking tool and has become the favorite of the US government. Now that tool is suddenly popping up on eBay for as low as $100 and it is proving to be the security nightmare critics have warned it could be.
A backdoor doesn’t discriminate between police and thief and weapons can’t tell friend from foe. A backdoor tool like the Cellebrite UFED (Universal Forensic Extraction Device) could solve crimes and save lives in the right hands. The problem starts when they fall into the wrong ones like what is happening now.
Second-hand Cellebrite UFEDs are selling on eBay for $100 to $1,000, which is plenty cheap considering the $6,000 price tag of a brand new unit. Ironically, the ones responsible for reselling these used devices are Cellebrite’s customers’ instead. Apparently, Cellebrite has launched a new product that has made the old one practically obsolete and those customers, mostly from forensic fields and law enforcement, are discarding the old ones left and right.
To add even more irony, these forensics customers have failed to do their due diligence in actually ensuring that these UFEDs are at least wiped clean. Many of them still contain data that were extracted not just from iPhones but also Android phones from Samsung, LG, ZTE, and Motorola. They also have weak security in themselves, with the admin password easily discovered by a seasoned hacker.
Cellebrite, of course, isn’t too happy and it has privately warned its customers against reselling the devices and, instead, should surrender them to the company for proper disposal. The company might also be worried that the UFEDs will reveal the vulnerabilities it has kept secret from Apple in order to exploit and gain access into iOS devices.