SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
22 Dec 2016

Backroom trading of phone cracking devices is sketchy as hell

The mobile forensics trade is booming. As smartphones have proliferated into every corner of our lives, many state law enforcement agencies in the US have bought devices for extracting phone passcodes and siphoning off data too, as an investigation found.

But it appears you don't necessarily have to be a cop or a forensics contractor to buy phone cracking tech. Several different types of devices are available via online marketplaces and stores, and some sellers seemingly don't check who they are selling the items to either.

To approach one eBay seller, experts created an email address suggesting we were a worker at a forensics shop. On the site, one vendor who sells firewalls and other pieces of hardware is offering potential customers a wad of Cellebrite's Universal Extraction Forensics Devices, or UFEDs. These devices allow users to extract data, such as contact lists, emails, and text messages, from cellphones when they have physical access to the phone. Specifically, the vendor is selling the “ruggedized” version of the UFED, typically used by law enforcement while out in the field.

When asked if each device came with the appropriate software, the vendor said it was “available online, you can download it.” Another vendor on eBay is selling Cellebrite's UFED CHINEX add-on for $2,500. CHINEX is specifically for pulling data and passwords from phones manufactured with Chinese chipsets.

Cellebrite is an Israeli company that dominates the market in granting law enforcement agencies access to locked mobile phones. Many websites that sell Cellebrite products require the customer to register and then request a quote or enter a password-protected section of the store to view actual prices and make an order.

But on the site for a Polish company that specialises in tools for detectives, visitors can buy a UFED Touch Ultimate for just over £11,000 ($13,700). This version of the UFED can circumvent password protections on Android devices, including the Samsung Galaxy S family, according to a Cellebrite brochure. It also can carry out physical extraction of data—ultimately, recovering deleted files—from the phone.

When experts added the item to a cart, the website allowed this reporter to progress through the entire process—giving a shipping address, creating a customer account—without ever having to prove or suggest whether we were a forensics contractor or law enforcement officer at all. The terms and conditions of the site make no mention whatsoever of any type of person they will not sell products to.

The site also sells licenses for Cellebrite products, meaning users will receive the latest updates and have access to technical support. Researchers showed these examples to a Cellebrite spokesperson, who said in a statement: “Cellebrite explicitly prohibits resale of UFED products in all end user license agreements.”

These are powerful devices, capable of hoovering up vast quantities of sensitive data from mobile phones. According to law enforcement, they are absolutely essential to capturing and preserving forensics evidence in criminal prosecutions. But Cellebrite devices have also been misused.

Cellebrite technology was used to dig up dirt on a political activist. The information obtained from the dissident's mobile phone was then used to prosecute him. When pretty much anyone can apparently buy these devices, the opportunity for abuse grows dramatically. A jealous boyfriend, a paranoid employer, or financially driven criminals could all make effective use of the technologies on offer.

Tags:
information leaks
Source:
Motherboard
2464
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015