Cellebrite leak

jaclaz
(@jaclaz)
Illustrious Member
Joined: 18 years ago
Posts: 5133
Topic starter  

Already Jan 24th Cellebrite posted especially for Forensic customers this statement

http://www.cellebrite.com/Mobile-Forensics/News-Events/Press-Releases/Update-on-Information-Security-Investigation-to-Forensic-Customers

@jaclaz Did you know this before?

Not really, but it still doesn't change anything when it comes to the (hypothetical) ethical issue.

Try re-reading this part of that press release a couple times:

"Contrary to some erroneous reports, the attack did not impact any Cellebrite intellectual property related to the delivery of Cellebrite Forensic products and services, such as proprietary source code."

I am very happy that

"There is no increased risk to Cellebrite Forensic customers as a result of normal, ongoing use of Cellebrite UFED software and hardware, including routine software updates."

but this has nothing to do with the (as reported and to be further confirmed) findings about the (dubious) origin of the code and/or the (alleged) infringement of third party IP or copyrights.

Hi,
Cellebrite here.
Unfortunately, I cannot talk about details of the ongoing criminal investigation as well as the information stolen from Cellebrite.
At this point I can clearly say that many of the articles include false assumptions and misleading titles that fail to represent reality.

Shahar

Don't worry, I understand how you cannot talk about the details on such a case.
Still it is IMNSHO not fair to "generically" affirm that "many of the articles" (which of them?) include "false" assumptions (which assumptions?) and "misleading" titles.
Surprisingly 😯 the specific title
"Hacker Dumps iOS Cracking Tools Allegedly Stolen from Cellebrite"
seems extremely accurate.

jaclaz


   
jhup
(@jhup)
Noble Member
Joined: 16 years ago
Posts: 1442
 

In my opinion, when it comes to rooting, jailbreaking, JTAGing, chip-off, and decap solutions within the commercial forensic tool vendors' arena, the vast majority (99.2%) are not original.

They are from the rooting, jailbreaking, device repair, and similar online communities where this information is shared readily.


   
RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
 

With all respect, how do you calculate the 99.2%?


   
jhup
(@jhup)
Noble Member
Joined: 16 years ago
Posts: 1442
 

Triple nested 80/20. A fifth of a fifth of a fifth. 20% of 20% of 20%.

That would be vast, would be majority, and it would also be vast majority.

It also happens to be (more or less) the number I came up with after reviewing vendor specific solutions a few years ago. I had to make a presentation to show which tools would cover the most devices. A Sisyphean order, but orders are orders.

RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
 

Thank you jhup!

But I do not agree that forensics manufacturers just harvest the web for vulns and hacks. If there are vulns, it's highly possible that multiple geeks find them. In addition, only a small fraction is posted in Public or Deep Web. Best only findable/buyable on Dark Web.

And OSINT is free for everybody but requests hard efforts to find. If you are good enough you don't buy a suite but collect and code yourself.

Yes, an order is an order.


   
jhup
(@jhup)
Noble Member
Joined: 16 years ago
Posts: 1442
 

I agree, they do not just harvest the web for vulns and hacks. They mostly do.

Take a look at the development and research departments' size at the major forensicating tool vendors. Can you see a large research budget supporting them? Heck, some cannot fix bugs we reported to them years ago!

A business is a business. They might have some tweaks, compilation of multiple solutions, consistency and process to implement disparate methods into a single path.

Yet, I doubt they have an army of experts pecking at each and every device with various versions of firmware and a plethora of software.

I am not disparaging them. Good for them to be able to implement solutions others have used. But let us not pretend they are somehow the authoritative source for cutting edge discovery, on par with the Large Hadron Collider research team.


   
RolfGutmann
(@rolfgutmann)
Noble Member
Joined: 10 years ago
Posts: 1185
 

Completely agree with you, jhup, especially that their research teams are too small and - some - fail to patch bugs in a reasonable time (we too experienced this).

My view is that a professional in a field does not rely in general on 'given' tools. You have to be a top examiner without a forensics suite.

Forensics suites mislead because they are so 'convenient'.

Do It Yourself is somehow hard but you LEARN! And to LEARN! is what I most of the time miss in new examiners coming in. That's the reason I (maybe negatively) post a lot to increase collaboration learning.

I want to learn from others too. The one who says he is an expert has lost the fight. Never say you are an expert. Better say I want to LEARN!

P.S. The LHC is impressive to visit :-)


   
 RonS
(@rons)
Reputable Member
Joined: 17 years ago
Posts: 358
 

jhup,

Based on what information are you saying the things you say?
Are you a Cellebrite customer or do you just assume?

From what you posted, you have very partial information about Cellebrite products and capabilities.

Best regards,
Ron Serber


   