The Israeli firm Cellebrite, which provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had its firmware and software leaked online. Yes, you heard that right. Cellebrite's most sensitive in-house capabilities have been made public by one of its products' resellers, who is now distributing copies of Cellebrite's firmware and software for anyone to download. The apparent reseller is McSira Professional Solutions, which hosts software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED).
UFED is one of the company's key products that help investigators bypass the security mechanisms of mobile phones, especially iPhones, and extract all data and passwords from them. For a look at Cellebrite's work on iOS devices, a 2015 YouTube video demonstrates one of the company's products that unlocked an iPhone in a few hours.
Download Links to Cellebrite's Key Forensic Product
McSira is allowing anyone to download the firmware for the UFED Touch and UFED 4PC (PC version). The company is also hosting copies of UFED packages for different mobile phone brands, including Apple, Samsung, Blackberry, Nokia, and LG. Besides this, McSira is also hosting copies of Cellebrite forensic software, such as the UFED Phone Detective, UFED Cloud Analyzer and Link Analyzer, which allow investigators to analyze seized data further. McSira is likely offering these download links for firmware and software files so that its customers – which, according to its site, are 'police, military and security agencies in the E.U. and other parts of the world' – can conveniently update their hardware to the latest version.
However, the company opened doors for researchers, hackers, and its competitors to download these leaked files, reverse-engineer them, and figure out how Cellebrite's tools break into mobile phones.
Researcher Started Examining Leaked Software and Firmware
According to Joseph Cox, freelance security journalist for Motherboard, an unnamed researcher has already started examining the leaked files to disclose the kind of exploits Cellebrite uses to bypass even strong security mechanisms on mobile phones, as well as weaknesses in the implementation of affected phones that could be fixed. Another researcher, Pedro Vilaça from SentinelOne, said he had already cracked some of the Cellebrite software and run it against an old iPad, though he said he needed to explore the leaked files more to better understand the capabilities of that software.
'Doesn't seem to be trying to exploit things but just data extraction,' Vilaça told Motherboard. 'For example, I'd to pair my device with iTunes for the logical extraction feature to work.'
Mike Reilly, a representative of a PR firm that works with Cellebrite, said the McSira website's links 'don't allow access to any of the solutions without a license key,' meaning that downloaders need a key (code) given by Cellebrite or its reseller to run the software. At the time of writing, McSira is hosting these files, but it is not clear how long the files will be hosted on its website. McSira and Cellebrite have yet to comment on the matter.
Researchers say they may be able to reverse-engineer information about how Cellebrite extracts data from phones.
Cellebrite, an Israeli company that specialises in digital forensics, has dominated the market in helping law enforcement access mobile phones. But one apparent reseller of the company's products is publicly distributing copies of Cellebrite firmware and software for anyone to download.
Although Cellebrite keeps its most sensitive capabilities in-house, the leak may still give researchers, or competitors, a chance to figure out how Cellebrite breaks into and analyzes phones by reverse-engineering the files.
The apparent reseller distributing the files is McSira Professional Solutions, which, according to its website, 'is pleased to serve police, military and security agencies in the E.U. And [sic] in other parts of the world.'
McSira is hosting software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED), hardware that investigators can use to bypass the security mechanisms of phones, and then extract data from them. McSira allows anyone to download firmware for the UFED Touch, and a PC version called UFED 4PC. It is also hosting pieces of Cellebrite forensic software, such as the UFED Cloud Analyzer. This allows investigators to further scrutinize seized data.
Cellebrite's UFED devices are unable to bypass the passcode lock on a number of recent iPhone iterations, including the iPhone 5C, 6, and 7, according to a spreadsheet published by the company. Cellebrite can analyze BlackBerrys and a wide range of Android devices, however.
Cellebrite has previously had the capability of unlocking iOS7 devices.
McSira is likely offering downloads so customers can update their hardware to the latest version with as little fuss as possible. But it may be possible for researchers to take those files, reverse-engineer them, and gain insight into how Cellebrite's tools work.
That may include what sort of exploits Cellebrite uses to bypass the security mechanisms of mobile phones, and weaknesses in the implementation of consumer phones that could be fixed, according to one researcher who has started to examine the files, but was not authorised by his employer to speak to the press about this issue.
Mike Reilly, a representative from a PR firm that works with Cellebrite, told Motherboard that the site's links 'do not allow access to any of the solutions without a license key.' This should mean that someone can't just download the software and run it normally without a code given to them by Cellebrite or a reseller.
Another researcher, Pedro Vilaça from SentinelOne, better known as 'osxreverser', said he managed to crack some of the software and run it against an old test iPad.
'Doesn't seem to be trying to exploit things but just data extraction,' he told Motherboard in an email. 'For example, I had to pair my device with iTunes for the logical extraction feature to work.' But, he said he needed to explore the files more to better understand what is possible with them.
Judging by company brochures, Cellebrite may keep its most sophisticated capabilities in-house. Cellebrite Advanced Investigative Services (CAIS) provide on-demand experts who 'work with you to recover valuable evidence from heavily damaged and/or locked and/or encrypted devices,' one company document reads.
Indeed, Jonathan Zdziarski, an iOS forensics expert, told Motherboard that researchers will likely find 'just a graveyard of old exploits.'
It's not clear how long McSira has been hosting these files, but an archived version of the page dates back to August 19. McSira did not respond to a request for comment, and Cellebrite did not provide a response in time for publication.