The well-known mobile forensics company Cellebrite has suffered a serious breach, and sensitive company data has been disclosed to technology journalists.
Cellebrite Data Obtained By Motherboard
Mobile forensics is a sensitive field in which few companies operate. In a surprising move, hackers have breached Cellebrite, one of its well-known solution providers, and disclosed the harvested information to Motherboard journalists. The obtained data totals 900 GB and contains customer information, various databases and detailed technical information about the company’s products. According to some experts, this is a form of retaliation against companies and corporations that specialize in surveillance and anti-hacking technologies. The hackers’ goal is probably to disrupt some of the operations that have had consequences for criminal groups in the past.
Cellebrite is an Israeli vendor that has developed the Universal Forensic Extraction Device (UFED), which can extract data from thousands of different phone models, including emails, SMS messages, call logs and more. The only requirement is physical proximity to the targets. Operators can also bypass user locks, recover application data and reveal deleted information. In addition, encrypted data can be decoded using various algorithms. The company’s products are often used by US federal and state law enforcement institutions and also by countries like Turkey, Russia and the UAE.
It appears that the compromised data comes from servers related to Cellebrite’s website. What we know about the cache is that it contains account credentials for logging in to a customer database service. Customers of the company use this section to access new software versions. Motherboard staff confirmed that the email addresses found in the data set were valid.
The dump also contains evidence files and reports from processed devices, as well as log files from Cellebrite’s solutions. Judging from the timestamps, some of the files were downloaded from the company’s servers last year.
Cellebrite is conducting an in-depth investigation, according to an official statement:
Petah Tikvah, IL—January 12, 2017—Cellebrite recently experienced unauthorized access to an external web server. The company is conducting an investigation to determine the extent of the breach. The impacted server included a legacy database backup of my.Cellebrite, the company’s end user license management system. The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system. To date, the company is not aware of any specific increased risk to customers as a result of this incident; however, my.Cellebrite account holders are advised to change their passwords as a precaution.
Cellebrite actively maintains an ongoing information security program and is committed to safeguarding sensitive customer information using best in class security countermeasures. Once the investigation of this attack is complete, the company will take any appropriate steps necessary to harden its security posture to mitigate the risk of future breaches.
Cellebrite is in the process of notifying affected customers.
The company is working with relevant authorities regarding this illegal action and is assisting in their investigation.