iPhone hacking biz Cellebrite hacked

The Israeli company that found fame when it was fingered as a potential source of hacking software used by the FBI to crack open an iPhone has itself been hacked.

In a statement on its website, Cellebrite today admitted that an “external web server” containing the company’s license management system had been accessed by an unknown third party. The company is still investigating the extent of the hack, but it has advised all its customers to change their passwords.
The biz says the database is an old one – it has migrated to a new system – but warned that basic contact information for people that were registered to receive notifications from the company has been accessed. As much as 900GB of information was taken by hackers, according to Motherboard, whose report earlier today led to Cellebrite’s confession in the past hour.
Such a database could prove valuable given Cellebrite’s line of work: it specializes in mobile forensics. In that capacity, the FBI apparently approached it in an effort to crack the iPhone of San Bernardino shooter Syed Farook.
Farook was running version 9 of the iOS mobile software, which encrypted the phone’s data and required a four-digit pin to access it. Too many wrong tries effectively render the phone inoperable. The FBI decided to use the case to have a very public fight with Apple over its security features, demanding that the iTunes giant give the FBI access to the phone.
Apple refused, stating that it was effectively being told to break its own product, and the impasse became national news, with politicians dragged into the argument. In the end, in a face-saving exercise, the FBI said it had found a third-party vendor that could access the phone, and backed down from what had by then become a legal challenge.
闲话安全意识培训的价值
多家网站曝出严重安全漏洞,在得到修复之前暂时不要使用它们,另要确保在不同的网站使用不同的密码。
Although neither the FBI nor Cellebrite ever confirmed the forensics company was the source of the hack, neither denied reports, either. Whatever biz bypassed the smartphone’s security, it received as much as $1m for its troubles. With that amount of money flying about, it was inevitable that hackers would try to get into Cellebrite’s systems.
“Cellebrite actively maintains an ongoing information security program and is committed to safeguarding sensitive customer information using best-in-class security countermeasures,” the company assured customers. “Once the investigation of this attack is complete, the company will take any appropriate steps necessary to harden its security posture to mitigate the risk of future breaches.”
The outfit, which is a subsidiary of the Japanese Sun Corporation but is based in Israel, said it was working with the authorities to try to track down the hackers. ®
Sponsored:
Customer Identity and Access Management
黑客产业链角色职责分析,这些主要角色包括:漏洞研究人员、僵尸网络控制者、数据分析师、加密高手、刷卡及截货人、钱驴和移动专家。

猜您喜欢

TurboMail邮件系统 专业针对企业提供邮件安全解决方案
酒店行业信息安全现状很糟糕
网络安全人人有责公益教育短片——APT高级持续性威胁
造型年轻/配置丰富宝骏510实车到店
CIMING ADAPTLYTALKS
网络钓鱼攻击的演变历史及趋势