- A recent report by Forbes reveals that federal hacking tools used to break into phones and tablets are available for sale on websites like eBay.
- A security researcher from Hacker House was able to purchase a dozen Cellebrite devices and conduct a security test on them.
- The devices can be misused by cybercriminals for hacking, tampering with evidence or gaining access to sensitive police data.
An eBay merchant bumped into a Cellebrite device at an auction in the UK. The device could very well be mistaken for a tablet which is why he didn’t realize the device’s potential at first. However, the individual recently found out that Cellebrite is actually a hacking tool used by the federal police to break into phones of suspects.
Cellebrite has been used to break into millions of smartphones of police suspects with authorities paying millions of dollars to break into devices. However, used units are being sold for anything between $100 and $1,000 which is a far cry from the usual price tag of over $6,000. The manufacturer of the device is displeased with the sales of its hacking devices on eBay and other online platforms. The devices are meant to be properly decommissioned after use, but their owners are not properly wiping all data which can lead to sensitive police data being leaked.
Cellebrite UFED classic exploits & functions – I got this gem at an auction – has SIM card cloning features (elite) pic.twitter.com/xmLCgVO7iG
— Hacker Fantastic (@hackerfantastic) February 11, 2019
The hacking tools often take advantage of vulnerabilities in Android and iOS, and it could lead to dire consequences if they end up in the wrong hands. Cybersecurity researcher and co-founder of training academy Hacker House, Matthew Hickey, bought 12 UFED devices available on eBay and conducted some security tests. Hickey reported that security on the hacking tools was not up to the mark and was open to exploits. He was able to pull the admin account authentication details and take full control over the devices fairly easily.
Skilled hackers would be able to launch malicious attacks against Android and iOS users with the information available from hacking tools. They could also be used for falsifying evidence and reversing the forensics process against police suspects. It remains to be seen if legal authorities or the manufacturer cracks down on secondhand sales of Cellebrite.