The Israeli company that found fame when it was fingered as a potential source of hacking software used by the FBI to crack open an iPhone has itself been hacked.
In a statement on its website, Cellebrite today admitted that an “external web server” containing the company’s license management system had been accessed by an unknown third party. The company is still investigating the extent of the hack, but it has advised all its customers to change their passwords.
The Israeli firm confirmed that it suffered a 900GB data breach, roughly the amount of data contained in 177,000 emails. The hacker reportedly shared the data with Motherboard, a website that has been exploring whether Cellebrite’s rapid phone-cracking technology has been used in questionable ways.
“U.S. law-enforcement agencies have invested heavily in the tech, but Cellebrite may have also sold its wares to authoritarian regimes with abysmal human-rights records, such as Turkey, the United Arab Emirates and Russia, according to a large cache of data obtained by Motherboard,” the website said Thursday. “The revelations raise questions around Cellebrite’s choice of customers, whether it vets them and what policies, if any, are in place to stop Cellebrite’s technology from being used against journalists or activists.”
Cellebrite were alerted to the incident when Motherboard contacted the firm and informed them about the breach after which the company started conducting an investigation to determine the extent of the breach.
When asked about his motivation behind the attack, the hacker cited recent changes in surveillance legislation by Western governments and it is this which forced him to target Cellebrite.
According to Cellebrite website, the company’s powerful Universal Forensic Extraction Device (UFED) solutions deliver the only complete, end-to-end Digital Forensics Platform on the market and has more than 40,000 UFED licenses deployed globally in 100 countries,