Connect with us


A smartphone hacking tool used by the FBI is available on eBay and everything is horrible

Ew, gross.

cellebrite smartphone hacking tools
Image: Cellebrite

You might think that when law enforcement or forensics companies buy powerful tools like Cellebrite’s UFED, which is used to crack open iPhones, Androids and other mobile devices for data, that the expensive hacking tools would be kept under lock and key. You certainly wouldn’t expect to see those tools sold on eBay, for fractions of the retail price and often without the device’s internal memory being wiped.

eBay has everything, including hacking tools

The Israeli-made UFED is used the world over by police forces and other enforcement authorities to get data off of locked smartphones. It does this so well that everyone from the FBI to ICE gives Cellebrite millions of dollars to get into phones that are part of investigations.

For a tool that starts at $6,000 with that level of utility, what would you think they would fetch on the black market? Double? Triple? Would-be hackers don’t even have to resort to the underworld to get their hands on one – used Cellebrite devices are on eBay, selling for between $100 and $1000 each.

Data dumped

That’s a pretty steep discount for one of the best mobile device crackers on the market, but it’s not the whole story. These second-hand devices often aren’t wiped, with full histories of prior searched devices, including when and what data was recovered. Identifying data like the IMEI of the handsets is also recoverable.

That prior data has been left on is bad enough. Matthew Hickey, a cybersecurity researcher and co-founder of training academy Hacker House, grabbed a bunch of the UFED devices off of eBay earlier this month to test, and his findings are a little concerning, to say the least. Along with the prior data, he found Wi-Fi passwords (probably for the networks of police agencies or private forensics firms), admin passwords and how to control the devices, bypassing licensing locks.

With that information, a skilled malicious actor could modify a UFED to falsify evidence or maybe even make a handset that could hack the UFED back when connected.

To their credit, Cellebrite has warned its customers against reselling its devices, citing the issues if those devices got into the wrong hands. It just appears that, for some customers, that warning has fallen on deaf ears.

What do you think? Should eBay allow people to sell these hacking tools? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in News