Israeli mobile forensics firm, Cellebrite, often the target of controversy amidst claims of being used by the government to spy on journalists and human rights activists, has suffered a data breach losing about 1.7TB of data.
This data was then posted online by Enlace Hacktivista. Another 103GB of data from the Swedish forensics company MSAB was also leaked. Both data archives are available to download, as torrents and as direct downloads, from Enlace Hacktivista and DDoSecrets at the time of writing.
Both firms are reportedly well known for their software being used to collect data from the phones of journalists, activists and dissidents, in addition to being used for human rights abuses. This makes them a prime target for hacktivists and whistleblowers.
Cellebrite UFED (Universal Forensics Extraction Device) is one of the company’s most popular services used by law enforcement and intelligence agencies alike to unlock and access data from confiscated mobile devices.
According to the Enlace Hacktivista homepage, an anonymous whistleblower sent them phone forensics software and documentation from the two companies on January 13. Neither Enlace Hacktivista nor DDoSecrets have made any claims about the data’s validity and source nor the whistleblower’s identity.
That said, the 1.7TB archive shared by the whistleblower seems to contain the entire Cellebrite suite of programs, including the company’s famous UFED, license tools, the Physical Analyser and Physical Analyser Ultra as well as the Cellebrite Reader.
Several files used for localising the programs, along with technical guides and customer documentation, were also included in the archive. The files are dated between November 19, 2022 and December 3, 2022, at least in the case of the UFED-related material.
“There was no sensitive information exposed. Additionally, neither Cellebrite’s systems nor customer information was jeopardized. The post contains files available to Cellebrite customers and will not work without an active license,” Cellebrite said. “The overwhelming majority of the files are world maps and translation packs, which were likely included to inflate the size and gain undue attention.”
In 2021, Signal CEO Moxie Marlinspike revealed vulnerabilities in Cellebrite’s software security that could allow an attacker to execute arbitrary code on Cellebrite’s machine by using a specially formatted file.
Update | 7:15 pm (IST): The story has been updated with Cellebrite's statement.