Connect with us


A smartphone hacking tool used by the FBI is available on eBay and everything is horrible

Ew, gross.

Cellebrite smartphone hacking tools
Image: Cellebrite

You might think that when law enforcement or forensics companies buy powerful tools like Cellebrite’s UFED, which is used to crack open iPhones, Androids and other mobile devices for data, that the expensive hacking tools would be kept under lock and key. You certainly wouldn’t expect to see those tools sold on eBay, for fractions of the retail price and often without the device’s internal memory being wiped.

eBay has everything, including hacking tools

The Israeli-made UFED is used the world over by police forces and other enforcement authorities to get data off of locked smartphones. It does this so well that everyone from the FBI to ICE gives Cellebrite millions of dollars to get into phones that are part of investigations.

For a tool that starts at $6,000 with that level of utility, what would you think they would fetch on the black market? Double? Triple? Would-be hackers don’t even have to resort to the underworld to get their hands on one – used Cellebrite devices are on eBay, selling for between $100 and $1000 each.

Data dumped

That’s a pretty steep discount for one of the best mobile device crackers on the market, but it’s not the whole story. These second-hand devices often aren’t wiped, with full histories of prior searched devices, including when and what data was recovered. Identifying data like the IMEI of the handsets is also recoverable.

That prior data has been left on is bad enough. Matthew Hickey, a cybersecurity researcher and co-founder of training academy Hacker House, grabbed a bunch of the UFED devices off of eBay earlier this month to test, and his findings are a little concerning, to say the least. Along with the prior data, he found Wi-Fi passwords (probably for the networks of police agencies or private forensics firms), admin passwords and how to control the devices, bypassing licensing locks.

With that information, a skilled malicious actor could modify a UFED to falsify evidence or maybe even make a handset that could hack the UFED back when connected.

To their credit, Cellebrite has warned its customers against reselling its devices, citing the issues if those devices got into the wrong hands. It just appears that, for some customers, that warning has fallen on deaf ears.

What do you think? Should eBay allow people to sell these hacking tools? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere. His hobbies include photography, animation, and hoarding Reddit gold.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Deals of the Day

  1. Paramount+: Live Sports Starting at $2.50/mo. for 12 Mos. Sports - Try It Free w/ code: SPORTS
  2. Hot offer: Bose Soundbar for 22% off (rarely discounted)
  3. Save up to $60 on select Samsung headphones at Best Buy
  4. 20% off: GoTrax - Xr PRO Commuting Electric Scooter w/19mi Max Operating Range & 15.5 Max Speed

More in News