News Categories

Alleged San Bernardino iPhone crackers have been hacked in turn

By Ian Chee & Marcus Wong - on 13 Jan 2017, 2:23pm

Alleged San Bernardino iPhone crackers have been hacked in turn

Remember the tussle between the FBI and Apple over the cracking of an iPhone belonging to the San Bernardino shooter?

 Well, Cellebrite has long been suspected to be the company that stepped in to unlock the iPhone of the shooter, and now it has just posted a notice on its website to say that it has itself been hacked. Apparently, the breach occurred on an external web server that held a “legacy database backup” of the company’s own end user license management system my.Cellebrite, which it has already migrated away from.

Cellebrite claims that it is unaware of any “specific increased risk” to customers, but given that the database held basic contact information for users registered for alerts and hashed passwords for users who hadn’t yet been migrated over to the new system, it’s highly likely the damage is much worse. Ars Technica reports that the data stolen reveals that the company sells its services to countries with questionable humans rights records, including Turkey, Russia and the United Arab Emirates.  

Meanwhile, Motherboard claims they’ve obtained 900GB worth of data from the hack, and that they’ve been in contact with the hacker, who has told them that access to Cellebrite’s systems has been traded amongst a select few in IRC chat rooms.“To be honest, had it not been for the recent stance taken by Western governments no one would have known but us,” the hacker told Motherboard. Call it the latest in a wave of tit for tat attacks between hackers and those who aid the government perhaps?

One thing for sure is that this won't be the last of it.

Sources: Ars Technica, Motherboard, Apple Insider