Hacker Dumps iOS Cracking Tools Allegedly Stolen From Cellebrite

Last year, when Apple refused to unlock the security on an iPhone 5c belonging to the San Bernardino shooter, the FBI turned to an Israeli mobile forensics firm called Cellebrite to find another way into the encrypted iPhone. Now Motherboard reports that a hacker has released files allegedly from Cellebrite that demonstrate how cracking tools couldn't be kept private. From a report: Now the hacker responsible has publicly released a cache of files allegedly stolen from Cellebrite relating to Android and BlackBerry devices, and older iPhones, some of which may have been copied from publicly available phone cracking tools." The ripped, decrypted and fully functioning Python script set to utilize the exploits is also included within," the hacker wrote in a README file accompanying the data dump. The hacker posted links to the data on Pastebin. It's not clear when any of this code was used in the UFED. Many of the directory names start with "ufed" followed by a different type of phone, such as BlackBerry or Samsung. In their README, the hacker notes much of the iOS-related code is very similar to that used in the jailbreaking scene -- a community of iPhone hackers that typically breaks into iOS devices and release its code publicly for free.

piracy is not theft

Repeat the meme!

piracy is not theft
piracy is not theft
piracy is not theft

Software cannot be stolen!

Re:piracy is not theft

Software can be stolen since you can find it in stores in physical format.

Of course that's not what the article is talking about.

Re: piracy is not theft

Copying does not change anything about the shape, form, or content of the box in a store. People who copy will never pay. People who do pay - don't care if it was copied. So, why the hell you are acting like a dumbfuck all of a sudden.

Re: piracy is not theft

What they're saying is that you can actually steal the box. Then you have stolen software. The store no longer has it.

Re:piracy is not theft

Arson isn't theft either, but it's possible to set a car on fire. Are you telling me that this means cars cannot be stolen?

Re:piracy is not theft

Arson isn't theft either, but it's possible to set a car on fire. Are you telling me that this means cars cannot be stolen?

that is false logic, the car was not stolen in that case it was vandalized a totally different crime.
 

Re:piracy is not theft

What do you mean by "in that case"? I'm talking about finding a car that is not yours and taking it away without permission from the owner. That is not vandalism, that's theft.

But it's theoretically possible to douse the car with petrol and set it alight instead. That would be arson, not theft - in your very own words "a totally different crime". And yet theft of cars still exists. The fact that arson is not theft doesn't mean cars can't be stolen. That's the point I was making.

Now GP is claiming that "piracy is not theft" implies "software cannot be stolen" - apparently attempting debunk the former statement using using recuctio ad absurdum, but failing because that is actually non-sequitur. As I have demonstrated, the statement "arson is not theft" is true in the context of cars but that does not imply the statement "cars can not be stolen". Similarly, in the context of software the statement "piracy is not theft" can be true without implying the statement "software cannot be stolen" at all. The consequent simply doesn't follow from the antecedent.

As an aside, the word "stolen" is actually semantically somewhat broader than the word "theft". For example, certain acts of of espionage (arguably, the case of TFA is an example) can quite legitimately be referred to as "stealing" without technically being theft (or even copyright infringement, depending on applicable laws), making nitpicking about what is and isn't theft rather pointless.

Re:piracy is not theft

You stole the words straight out of my mouth!

Re:piracy is not theft

[kelemvor4]

Repeat the meme!

piracy is not theft piracy is not theft piracy is not theft

Software cannot be stolen!

https://torrentfreak.com/image...

Re:piracy is not theft

No. That's bullshit and you know it.

Re:piracy is not theft

[The-Ixian]

The depravation of property is only one definition of the term "theft"

You are glomming on to that facet of the definition and pretending that the word has no other meaning.

Definition of theft

a. The act of stealing; specifically the felonious taking and removing of personal property with intent to deprive the rightful owner of it
b. An unlawful taking (as by embezzlement or burglary) of property

Also, note the wording "intent to deprive" in the first meaning. That doesn't mean you DID actually deprive the rightful owner only that you intended to.

Re:piracy is not theft

[mccrew]

Repeat the meme!

...

Repeat until you're blue in the face. Still doesn't make it true.

Re:piracy is not theft

[sjames]

Both of those definitions involve leaving the victim without the property. If I find my way into your private FTP directory and download everything, what do you find missing when you next connect to it?

In that scenario, what I did is more easily mapped to trespassing than theft.

Re:piracy is not theft

[pr0fessor]

If I make software or something distributed digitally every time someone illegally aquires and uses or distributes a copy that is used I have been deprived a copy I "could" have sold. Their intent was to take and use the copy with out purchasing it. Despite what ever reason they where unwilling to purchase it they did want the copy enough to steal it and use it which means they may have purchased it in the future should circumstances have changed.
   

Re:piracy is not theft

It's not stealing the software, it's stealing the exclusive right to make copies. That's what "copyright" means, the right to make copies.

If you pirate software, you've deprived the copyright holder of the exclusivity of that right.

Re: piracy is not theft

there is a much bigger issue than your copying. Smelly obnoxious indo-chimps with phony degrees are taking american job, depriving americans of the life, replacing it with mediocrity and substandard shitty software.
Who in their right mind would be buying shitty software coded by clueless chimps, and especially when people don't have money.
Your stupid culture of liberal self extinction will turn this country into a smelly shithole.

Re:piracy is not theft

[dgatwood]

Now GP is claiming that "piracy is not theft" implies "software cannot be stolen" - apparently attempting debunk the former statement using using recuctio ad absurdum, but failing because that is actually non-sequitur. As I have demonstrated, the statement "arson is not theft" is true in the context of cars but that does not imply the statement "cars can not be stolen". Similarly, in the context of software the statement "piracy is not theft" can be true without implying the statement "software cannot be stolen" at all. The consequent simply doesn't follow from the antecedent.

Clearly software can be stolen. After all, some companies still sell software in physical boxes. I'm surprised anyone would even try to argue otherwise, as it is just plain prima facie silly.

Re:piracy is not theft

Could be worse, at least GP didn't set your mouth on fire.

Re:piracy is not theft

[zlives]

software can be stolen, if you actually ever own the software... otherwise its just a licensing issue? right!!

Re:piracy is not theft

cars cannot be stolen while on fire

because you know

the fire rises

Re: piracy is not theft

I bet you would get charged with theft as well as arson! They would probably drop it but gives them leverage for a plea deal and a win.

Your tax dollars at work.

[SeaFox]

In their README, the hacker notes much of the iOS-related code is very similar to that used in the jailbreaking scene -- a community of iPhone hackers that typically breaks into iOS devices and release its code publicly for free.

Remind me again, how much did the FBI pay Celebrite to get into that single iPhone 5c again?

Re:Your tax dollars at work.

1.3 million or so, but then again that wouldn't necessarily go 'that far' trying to pay for an FBI task force and requisition of technology to do the same thing... assuming of course that they couldn't possibly allow themselves to use open source talent and methods to achieve the same objective. That'd be anarchy.

Re:Your tax dollars at work.

[93+Escort+Wagon]

One significant difference between the tools jailbreakers use versus Cellebrite's: The recent jailbreaks for iOS require that you run them on an unlocked phone. Additionally, every jailbreak I've used has required me to install an app onto the phone, and then run it from there.

I would be curious to see exactly how the Cellebrite tools get around this, even on an older iPhone.

Re: Your tax dollars at work.

They just clone the data and brute force the passcode.

Re: Your tax dollars at work.

i know right they could have just waited and use this info or do it themselves lol

Re:Your tax dollars at work.

There have been jailbreaks that use Safari and a PDF file to root the phone...

Re:Your tax dollars at work.

[tlhIngan]

One significant difference between the tools jailbreakers use versus Cellebrite's: The recent jailbreaks for iOS require that you run them on an unlocked phone. Additionally, every jailbreak I've used has required me to install an app onto the phone, and then run it from there.

I would be curious to see exactly how the Cellebrite tools get around this, even on an older iPhone.

Well, part of the reason for the app is to install the untethered jailbreak. Cellebrite doesn't need untethered jailbreaks - a tethered one is just fine.

In fact, there are a lot of jailbreaks around - the main problem has been getting them untethered.

Re:Your tax dollars at work.

Additionally, every jailbreak I've used has required me to install an app onto the phone, and then run it from there.

That's not actually true, or at least not in most cases.

The phone is exploited in running memory first.
Then it installs software to perform the exploit persistently on each boot, a step not needed in this case.
Lastly it installs another app, usually Cydia, that you need to run only to manage the software to install and repositories (aka alternate app stores), again a step not needed in this case.

In all but the latest and oldest iPhones, the first step above is done via the data connector.
The iphone 5c in this case is an older phone as well, so this works perfect.

Also of note to the above, even the older phones could be exploited via the data connector, however there were other exploits in addition to those, typically involving safari bugs.

There have been periods of time when a new phone came out and only teathered jailbreaks existed, in one of those periods I recall for an entire year before the unteathered persistent jailbreaks were available to the public.

To Celbright this isn't really much of a limitation or annoyance. The device in question will likely remain constantly connected to their machine throughout the whole process.
To us teathered jailbreaks are annoying as hell because you can't reboot your phone "on the go" since it will no longer be jailbroken until you get home to hookup to a PC.

Re: Your tax dollars at work.

That's still 1.3 million dollars that could've been spent on US citizens or companies

Good

Fuck Israel and fuck the US government.

Re:Good

Fuck Cliton because she's a loser.

Re: Good

All she wanted was to watch Bill again grabbing and fucking strangers in the white house. Aww.

No link?

Where is the link to the torrent?

Re:No link?

You can get it here.

Not sure how I feel about this.

[mmell]

OTOH, it's knowledge, and should be shared for the benefit of all (including Apple, who will doubtless learn from the now available information to craft even better cryptography).

OTOH, they've intentionally made the private data of many users of this privacy/encryption scheme less secure - not only from the US government and Cellbrite, but now from all who would know what they saw fit to hide, whether nefarious or banal.

I've already had half a fifth of whiskey tonight . . . Help me out here, Slashdot. A/C's need not apply.

Re:Not sure how I feel about this.

A/C's need not apply.

So you refuse advice from people who practice what they preach. Thank you for naming yourself as someone who cares more about a person's appearance than their actual content.

Re:Not sure how I feel about this.

[negRo_slim]

Private data on a closed source device... You get what you pay for.

Re: Not sure how I feel about this.

except if they do that it would only apply to some devices as of right now thats iphone 5+

Re:Not sure how I feel about this.

[GNious]

I've already had half a fifth of whiskey tonight . . . Help me out here, Slashdot. A/C's need not apply.

Half of a fifth of a whiskey? so'eh, 1/10th of a whiskey?!?

Re:Not sure how I feel about this.

[JaredOfEuropa]

I've already had half a fifth

So: a tenth. Go metric already! Come to think of it, 750ml bottles are sometimes referred to as a "metric fifth", this is probably the bottle your whiskey came in. Looking at my own bottles of whisky I can't help but noticing that they are all 700ml. What gives? It would not surprise me one bit if our government is behind this, withholding an additional "angels' share" for themselves. Probably for the benefit of Juncker. Hmm. I better have another one.

Re:Not sure how I feel about this.

Half of a fifth of a whiskey? so'eh, 1/10th of a whiskey?!?

This is america. It's 1/2.5th of a whisky. (half of five).

Re:Not sure how I feel about this.

Private data on a closed source device... You get what you pay for.

You do realize why nobody ever bothered writing something like that for Android?

Re: Not sure how I feel about this.

Bout a pint and a half left.

Re: Not sure how I feel about this.

This explains a lot about American intelligence.

Link.

http://cdn5.cellebrite.org/Forensic/UFED/4PC/Cellebrite%20Ufed%20Setup%205.4.0.853%20UFED4PC%20(Fat).exe.cpkg

Have fun.

Behold

The safety of the mighty iOS. But for some reason Android users should be terrified of running a slightly old OS version, unlike iOS users should because of reasons.

Re:Behold

Yup more apple propaganda and bullshit.

Cellebrite?

Why do I have to think of somewhat fatty elder people when I read that name?

(And oh, before you accuse me of ageism: I'm elder -- and somewhat fatty ;-D

Re:Cellebrite?

Then you're nasty so STFU.

Give that man a cigar!

Now let's get to work on getting Trump's tax returns.

The whole "demo" thing is wrong

[Kartu]

As FBI asked for for signed executable that could have checked serial number of the phone and would have been useless on other phones.

Re: The whole "demo" thing is wrong

Apple recently took down their webpage that let users check serial numbers of iOS devices to check if they are stolen. It is speculated that it was because Chinese hackers van use that to find a valid number to flash onto stolen iPads.

So that backdoor that would only work on a specific iPhone isn't much of a guarantee that it can't run on other iPhones.

Told you so

[kbg]

This is exactly what I and everyone else was saying at the time about the FBI case. If an exploit was developed for one phone it would be used for all phones and it would eventually leak out into the Internet. I expect each and everyone who said I was wrong about this issue to make a formal apology.

Re:Told you so

Behaves of all of internet.
We are sorry.
We should have listened to you.
Won't happen again.
A.Non.Ymous

Re:Told you so

Go to your room internet!!!

Re:Told you so

> it would eventually leak

No, it would not leak. It would eventually be flat-out stolen for personal gain. That's what would happen. You speak of it the way retail stores refer to stealing as "shrinkage". Oh the inventory has shrank how did that happen, did we not water it? Just call it like it is, people are self-serving and some even steal.

Now if the coder(s) had any ethics or safety standards the project would have been used & then isolated until needed again. What did they do, keep an .EXE on a shared drive or something? This was VERY preventable. Anyways, back to your desire for an apology... your 'prediction' is unamazing and merely that people are people. Do not believe that code should have, must have, will always inevitably, unstoppably, absolutely 'leak'. A person decided to do that.

Remind people why centralized security is bad.

The owner of the device should be the one setting ALL keys, from bootloader on up signing and verifying the images they use on their device.

Centralized signed firmware images only ensure the 'owner' of the device is not the same as the 'owner' of the data.

Who stole it first..?

[geekmux]

"Now the hacker responsible has publicly released a cache of files allegedly stolen from Cellebrite...some of which may have been copied from publicly available phone cracking tools..."

Well, that's some creative irony labeling a hacker as the thief, since it would appear Cellebrite favors "borrowing" code to create a product to sell to the highest taxpayer-funded bidder...

Re:Who stole it first..?

[Aaron+B+Lingwood]

... it would appear Cellebrite favors "borrowing" code to create a product to sell ...

If some of this code is GPL'd or similar, there is likely cause to sue, which at the least, should see the (legal) release of all source code. I'm sure even Microsoft, who has acquired Cyanogen, could sue for a monetary sum due to unfair competition and breach of licence.

It is also possible that the open-source community can ask the judge to subpoena the code of other products from the company for an audit into code that should be similarly released.

Re:Who stole it first..?

If the code is never distributed, GPL does not have an effect.

See, for example, http://stackoverflow.com/questions/1492687/using-gpl-3rd-party-code-for-internal-closed-source-project

Leaking it out does not count as distributing as far as I know.

Re:Who stole it first..?

[Aaron+B+Lingwood]

If the code is never distributed, GPL does not have an effect.

Very good point.

Do we know if Cellebrite have merely provided a service or have in fact sold or licensed their wares? And, if this is an unknown, would the facts of the case be sufficient to also subpoena the details of the arrangement?

Re:Who stole it first..?

You misunderstand the GPL. You are free to use GPL'd software for "your" own purposes as long as you don't release the software. In this case, Cellebrite need only claim that it was being used for internal purposes and they are fine.

Also, it would be hard for anyone to claim injury, here, since the original code is essentially unattributed (or would be an original work of a hacker, who probably doesn't want to identify him/herself).

CAPTCHA: origins

Re:Who stole it first..?

[Aaron+B+Lingwood]

You misunderstand the GPL.

I doubt that I am misunderstanding the GPL as my livelihood depends on it.

I may be misunderstanding the terms of the situation or not adequately explaining myself.

It is my understanding that Cellebrite have distributed, through a sale or a lease, this software to law enforcement agencies on multiple ocassions. I may in fact be wrong and Cellebrite may have simply provided a service to decrypt the phones themselves - though this would break the chain of custody and create unreasonable liability. Your argument of internal use exemption would apply in the latter case.

According to Cellebrite's Wikipedia entry, it appears that they are indeed marketing and selling this as a product - distributing the software to law enforcement around the world.

Re:Who stole it first..?

[SuiteSisterMary]

Don't the people who the software has been distributed to get to require the source code? Sure, they can then turn around and hand it out to the public world, but my understanding of the GPL isn't 'you use it, you must release the code,' it's 'anybody who gets your software can request a copy of the code.'

Re:Who stole it first..?

[Aaron+B+Lingwood]

Don't the people who the software has been distributed to get to require the source code?

Besides the point that this was purchased with Public monies:
(from GNU's GPL FAQ

Does the GPL require that source code of modified versions be posted to the public?
No. Only to the users.

Does the GPL allow me to require that anyone who receives the software must pay me a fee and/or notify me?
No. You can charge people a fee to get a copy from you. You can't require people to pay you when they get a copy from someone else.

What does “written offer valid for any third party” mean in GPLv2?
People who did not get the binaries directly from you can still receive copies of the source code.

Does the GPL allow me to distribute copies under a nondisclosure agreement?
No.

Depending on the source, I feel that there is valid recourse here.

Re:Who stole it first..?

[Aaron+B+Lingwood]

Don't the people who the software has been distributed to get to require the source code?

Yes. Code must be distributed with the software OR a written offer to provide the code must be distributed with the software.

Any person who has the software may then freely re-distribute it for a fee or for free. In this case, the written offer must still be honoured by the developer.The GPL renders it not illegal nor immoral to "leak" the software and every copy is legitimate. Hacking would still be a crime if it occurred but the copies would be legitimate.

My argument is: If Cellebrite have distributed software containing GPL'd code and not packaged the source or a written offer, then they are in breach of the GPL. If they have packaged the written offer, then it stands for anybody in possession of the software and if they don't honour a request then they are in breach of the GPL.

If these products are in breach of the GPL then it is likely that similar products from the same company are also in breach. This would allow a court to issue a 'motion to compel' to Cellebrite to produce the code for inspection. If these products are also found in breach, then they could be forced to stop distributing, face a financial penalty, and/or forced to release part or all of the code. It could also allow the public to get access to the software via a FOI request to the department using it. Tenuous, but within the realms of possibility and worth trying.

fake news

no proof

pastebin link?

Where is the pastebin link? Why don't we get the primary source for this story? :(

Re:pastebin link?

http://pastebin.com/y9P19guS

but download links are already dead...

Re:pastebin link?

[Noble713]

The Mega.nz links in the pastebin are already broken: http://pastebin.com/y9P19guS

Does this mean?

[ArchieBunker]

I don't need that god awful piece of shit iTunes to manage content on my phone? I mean the main window has a sync button. I add files to my library and click sync but it never copies the files. Only when you click on the tiny phone button on the toolbar and then look at the storage space breakdown does a second sync button show up. This is what actually copies files to your phone. What the fuck Apple?

Oh and say I don't like Apple's default media player. In order to use a third party app I have to enable file sharing with that app, and copy my files over to it. That means I need to delete my iTunes library or else everything is copied to the phone TWICE. Again, what the fuck?

Re:Does this mean?

[SeaFox]

I don't need that god awful piece of shit iTunes to manage content on my phone? I mean the main window has a sync button. I add files to my library and click sync but it never copies the files. Only when you click on the tiny phone button on the toolbar and then look at the storage space breakdown does a second sync button show up. This is what actually copies files to your phone. What the fuck Apple?

I feel like you're doing something wrong here. Isn't the default action of iTunes to automatically sync the device when you plug it in? You have to go to the prefs and explicitly disable that function. As far as your music library goes, in it's original configuration, I do not think iTunes is going to sync new files automatically -- unless you have it set to sync your entire library. Few people would be doing that as most have music libraries too large to sync, or large enough they would not want to dedicate that much of the space on their device to doing so. iTunes works more on the idea of syncing individual playlists now, like people did for iPod Mini/Nano/Shuffle. I have an iPod Nano myself. The way around this is to create a Smart Playlist -- mine is named "Recently Acquired" and set it to have tracks whose Date Added is with the last x weeks/months, and make it an Auto-Updating Smart Playlist. Now set this Smart Playlist to sync to your Device. Now, when you load new tracks in iTunes, the tracks automatically show up in this Smart Playlist, which means when you plug in the phone the tracks will automatically be added to your device, disappearing when they cease to be your definition of "new" to save phone storage.

Oh and say I don't like Apple's default media player. In order to use a third party app I have to enable file sharing with that app, and copy my files over to it. That means I need to delete my iTunes library or else everything is copied to the phone TWICE. Again, what the fuck?

If you aren't interested in using iTunes as your media player, why are you adding the files to iTunes's music library to start with? Just add them with your third-party player and leave them off iTunes. If the third-party player can't read the phone's iTunes library files, and doesn't have an automated way of loading tracks to the device, it sounds like a lousy player. And going back to my previous paragraph, iTunes adding the music files to your phone and causing things to duplicate is something you've done wrong in your original device configuration.

I use an Android handset myself. But I have my music library in iTunes on Windows (because of my old iPod), and the files are synced to my NAS on an automated schedule (it's running right now, in fact). There on the NAS, the files are accessed for playback through 1) a generic DLNA server, 2) Plex, and 3) Subsonic. I have a third-party Subsonic app on my phone, which is what I use to load/play back my own music library on the device instead of manually copying files. The Subsonic client can natively playback all but one format of music from my synced iTunes library, and that's the old 128 kbps DRM iTunes Music Store files, which I have a handful of. It plays back the CDs I ripped in AAC (.m4a), the WAV files, even the Apple Lossless files, all without transcoding. But I can configure the Subsonic server to transcode the high-bitrate lossless files on-demand for streaming specifically on the phone's player. This way, the download usage/storage for the phone is much lower. I have the phone's client set to only download over wi-fi, but I paid the piddly $12/year fee for Internet access on my Subsonic install. So I can load and playback any file from my Subsonic server from any wi-fi connection. I don't really have to plan what music I want on my phone unless I'm going to go on a walk, since I can get whatever I want otherwise. If I was willing to pay for a cellular data plan even that would not matter. Oh, and the client has a setting to automatically load new files that have appeared i

Re:Does this mean?

[ArchieBunker]

I feel like you're doing something wrong here. Isn't the default action of iTunes to automatically sync the device when you plug it in?

Clicking that main sync button only syncs phone data, not media. Why, I have no idea.

If you aren't interested in using iTunes as your media player, why are you adding the files to iTunes's music library to start with? Just add them with your third-party player and leave them off iTunes. If the third-party player can't read the phone's iTunes library files, and doesn't have an automated way of loading tracks to the device, it sounds like a lousy player. And going back to my previous paragraph, iTunes adding the music files to your phone and causing things to duplicate is something you've done wrong in your original device configuration.

I was talking about the media player on the phone. On my PC I use Winamp. iTunes is the only way to copy files to the phone. I don't like the media player on the phone so I downloaded a third party one. The only way it sees files is to enable sharing with iTunes and copy the files in specifically for that app. It won't play what already exists on the phone. That is how Apple locks things down. Yead you

I use an Android handset myself. But I have my music library in iTunes on Windows (because of my old iPod), and the files are synced to my NAS on an automated schedule (it's running right now, in fact). There on the NAS, the files are accessed for playback through 1) a generic DLNA server, 2) Plex, and 3) Subsonic. I have a third-party Subsonic app on my phone, which is what I use to load/play back my own music library on the device instead of manually copying files. The Subsonic client can natively playback all but one format of music from my synced iTunes library, and that's the old 128 kbps DRM iTunes Music Store files, which I have a handful of. It plays back the CDs I ripped in AAC (.m4a), the WAV files, even the Apple Lossless files, all without transcoding. But I can configure the Subsonic server to transcode the high-bitrate lossless files on-demand for streaming specifically on the phone's player. This way, the download usage/storage for the phone is much lower. I have the phone's client set to only download over wi-fi, but I paid the piddly $12/year fee for Internet access on my Subsonic install. So I can load and playback any file from my Subsonic server from any wi-fi connection. I don't really have to plan what music I want on my phone unless I'm going to go on a walk, since I can get whatever I want otherwise. If I was willing to pay for a cellular data plan even that would not matter. Oh, and the client has a setting to automatically load new files that have appeared in the library since the last sync, without me having to set up a Smart Playlist-style trick.

I was an Android user for a long time but got tired of cheap phones and no support from the vendors. The only thing I miss is having extra physical buttons.

Isn't this kinda the opposite of what you said?

[Solandri]

Because Apple did not develop a tool for the FBI to tease out the encrypted data from one phone, the FBI basically offered a cash prize for such capability (went shopping for someone who could). This caused multiple companies / hackers to seek out a way to tease out the data. And eventually when one of them succeeded, they had a fiscal incentive to not disclose the vulnerability to Apple (so they could use it again in the future to make more money). Until it eventually leaked out onto the internet.

If Apple had developed a tool to reverse-engineer their encryption and tease out the data from one phone, it would've been as safe as they could keep it, and they would've had the option to patch whatever vulnerability they used immediately after the FBI was satisfied. There would've been no additional fiscal incentive for someone else to find a vulnerability, because the FBI would've been satisfied and not offered a cash prize for someone else finding a vulnerability. So there would've been a lower chance of such a vulnerability being found, and remaining in the wild (someone who found it might've turned it in to Apple for a bounty, rather than held out hoping to sell it to government agencies).

So basically, Apple refusing to help the FBI increased the chances of this type of exploit being found and spread in the wild.

You would've been right if Apple had created a back door in their encrypted backup servers to satisfy the FBI's request. But that's the kinda of "worst case" thinking that political advocates use to try to make strawmen to win arguments. Engineers think in terms of "least effort" and "least cost" (fiscal and other). Finding an exploit in just this one older phone model would've been an engineer's preferred solution to the problem, not putting a backdoor into the backup servers that would defeat the purpose of encrypting the backups.

Re:Isn't this kinda the opposite of what you said?

[kbg]

It wouldn't have mattered if Apple had developed it or not. FBI employees would have had access to the tool and probably common police officers later down the lane. It would just have been a matter of time before it got leaked into the Internet, because it only takes a single mistake or one rogue agent and the cat is out of the bag.

Breaking & Entering, Illegal access

If someone enters your home or business while you're away, goes through your file cabinet, takes pictures of every document, then leaves without disturbing anything, it's still illegal. The only exception is if your government does it then it's just called surveillance. Double standard hypocrisy. If I remember correctly we had a President that was impeached for ordering exactly that. There should be no legal difference between data on your device, in a briefcase, or in your file cabinet.

The old slashdot

Would have posted the link to actual hacking tools

The new slashdot just constantly links to vice.com for 60% of it's daily content.

Imagine if vice.com suddenly went out of business? Slashdot would have no content to post! All they would have is Rothschild Global warming FUD stories to post all day.

Link to dumps

[Aaron+B+Lingwood]

Link to dumps

Release 1 - the supply chain - a backdoor with backdoors.

In this release find a small sample of the 900GB of mere 'user accounts and basic contact
information' recently liberated from Cellebrite.

The exploit techniques that Cellebrite employ are wrapped in various encryption schemes
in an attempt to protect 'their' intellectual property. The custom routines for
decrypting this lame ass protection are included in this release along with an
accompanying sample .eas (DLL designed to target devices and applications) and .epr
(bootloaders, exploits and shellcode) files.

The more discerning eye will notice that some of the Apple exploits bear a remarkable
resemblance to those available to any teenager interested in the jailbreaking scene;
perhaps not all those tax dollars have been wasted, the Blackberry epr is still worth
a look at.

The ripped, decrypted and fully functioning python script set to utilize the exploits
is also included within.

Download links:
https://mega.nz/#!sZUkSbDT!l74...
https://mega.nz/#!0d9zBQLI!DdK...

Coming soon.....

Release 2 - watching the watchers - pivot to win.

In this release find a small sample of files retrieved via the weaponized Cellebrite
update service deployed on MS Windows based devices and desktops (SYSTEM privs) within
the customer infrastructure.

Analysis of the compression and obfuscation employed by Cellebrite on products supplied to
British MOD juxtaposed with the protection free versions supplied to SOCOM and others is
also included within.

@FBI Be careful in what you wish for.

Re:Link to dumps

Link to dumps

Release 1 - the supply chain - a backdoor with backdoors.

In this release find a small sample of the 900GB of mere 'user accounts and basic contact
information' recently liberated from Cellebrite.

The exploit techniques that Cellebrite employ are wrapped in various encryption schemes
in an attempt to protect 'their' intellectual property. The custom routines for
decrypting this lame ass protection are included in this release along with an
accompanying sample .eas (DLL designed to target devices and applications) and .epr
(bootloaders, exploits and shellcode) files.

The more discerning eye will notice that some of the Apple exploits bear a remarkable
resemblance to those available to any teenager interested in the jailbreaking scene;
perhaps not all those tax dollars have been wasted, the Blackberry epr is still worth
a look at.

The ripped, decrypted and fully functioning python script set to utilize the exploits
is also included within.

Download links:
https://mega.nz/#!sZUkSbDT!l74...
https://mega.nz/#!0d9zBQLI!DdK...

Coming soon.....

Release 2 - watching the watchers - pivot to win.

In this release find a small sample of files retrieved via the weaponized Cellebrite
update service deployed on MS Windows based devices and desktops (SYSTEM privs) within
the customer infrastructure.

Analysis of the compression and obfuscation employed by Cellebrite on products supplied to
British MOD juxtaposed with the protection free versions supplied to SOCOM and others is
also included within.

@FBI Be careful in what you wish for.

links are dead ;( any workign ones ?

Re:Link to dumps

[Aaron+B+Lingwood]

links are dead ;( any workign ones ?

Google "Backdoorz". Expecting a re-release in the next few days. Hopefully on Pastebin but may be elsewhere.>/p>

Awesome site

[abmw]

That site made my day....it will come in handy over the next.....arghhh...4 years.....hmmmm.......phhhhh........shit...