Cybersecurity Firm Leaks Hacking Tools, as Apple Warned
Assistant Technology Editor
When experts say “no, this could be a bad idea,” it may be a good idea to listen to them. This is especially true when not listening could result in something bad happening, or in this case, a tool falling in the wrong hands. This was a lesson that the FBI had to learn the hard way in regards to the phone of San Bernadino suspect, the data locked within it and how they went about acquiring it.
After last year’s San Bernadino incident, the FBI tried to gain access to an iPhone 5c, according to Redmond Pie. Apple refused to help them unlock the phone, as they said “it would create the potential for that tool to then fall into the wrong hands and ultimately make iPhone encryption obsolete.” Because Apple refused to cooperate, the FBI asked Israeli firm Cellebrite to do the job instead.
Unfortunately, recently Cellebrite has been hacked themselves, and the tools used to get into the iPhone have been leaked. A remote Cellebrite server was hacked, and 900GB of data was stolen. The hack also showed that Cellebrite worked with Russia, Turkey and the UAE. Many of the tools found were similar to those used for jailbreaking, “a community of iPhone hackers that typically breaks into iOS devices and release its code publicly for free.” Jailbreaking also allows users to install unofficial apps not on the App Store onto their phones, according to PC World.
Using third parties like Cellebrite isn’t the only way the U.S. government can access phones. The government can also use manual labor to retrieve data, according to TechDirt. “In one instance, the Secret Service was able to pull out the phone’s flash memory and grab data from it, although this process took it nearly a week,” TechDirt said. Another case had the Secret Service “sand[ing] off material from the back of the Huawei H883G device to excise sexually explicit images.” Compared to the FBI, the Secret Service doesn’t use encryption tools as much. While it’s possible that the Secret Service doesn’t run into as many encrypted phones as the FBI, the Secret Service has shown that they can get into phones without all-access backdoor keys.
The manufacturers of phones that draw less interest from consumers are also making their phones more secure when compared to Apple and Samsung. While it’s not something they’re doing intentionally, they also see no need “to expend research resources trying to find a way around the phone’s built-in protections.”
Phones aren’t the only electronics at risk of being hacked though. State-sponsored hackers have been attempting to hack into the inboxes of prominent journalists, according to Politico. Journalists have been receiving messages from Google since the U.S. election cycle ended. The warnings didn’t mean that the accounts had been hacked into, but they were sent to make users aware of what was happening. While it is not certain, many are thinking that the Russians are involved in the incident.
President Trump plans to order a 60 day report on U.S. cybersecurity, according to The Register. While the order is only a draft, it notes that the internet is vulnerable to attacks that could affect the U.S. economy and national interests.
President Trump made a promise about the cyber review order during his campaign, according to ArsTechnica. It “spells out who will conduct the review and what its specific goals are.”
With recent cybersecurity issues, jobs in cybersecurity are reaching a higher demand. As a result, ODU has recently signed an articulation agreement with TCC. This articulation agreement will allow TCC students who graduate with an Associate’s in Information Systems Technology to transfer to ODU’s cybersecurity program, offered by the College of Arts and Letters.