Hacker hacks data of Israeli smartphone hacking company Cellebrite

Israel’s Cellebrite is a leading company in the mobile phone hacking business. Their flagship product is the UFED Touch2, a device that can quickly extract data from smartphones. The touchscreen device comes in regular and rugged versions, and can perform analytics of the extracted data, such as looking into the history of the geolocation data. The data is extracted without destruction of the data on the device, and supports the hacking of even deleted files and passwords.

Cellebrite is a favorite with the FBI, who approached the company to attempt to extract data from the locked iPhone of one of the San Bernardino, California shooters.

The FBI may not be the only customers who come calling on Cellebrite, as hacked data reveals possible connections to authoritarian regimes known for human rights violations. A hacker has provided Motherboard with 900 GB of hacked Cellebrite data.

The data appears to be from the my.Cellebrite domain used by customers for accessing updates to products. The company had stopped using the domain, and had migrated users to a newer domain. The hacked database contains basic contact information and hashed passwords of users who have not yet migrated to a newer system. The domain was used to serve alerts and notifications for users who signed up for updates.

Cellebrite has issued a statement saying that they are investigating the breach, and exploring the legal options available to them. The affected customers are directly being notified of the breach. Users have been advised to change their passwords, in case they have not yet migrated to the newer system.

READ  Avira Password Manager generates, saves and encrypts passwords

There is no specific increase in risk to customers because of the data breach. After the investigation, Cellebrite has committed to taking the necessary steps to fortify its security measures to prevent any such incidents in the future.