When Apple was placed against the wall by the United States government to create a security breach (a backdoor) on iOS, in order to allow intelligence agencies to ?get in? on the iPhone 5c used by San Bernardino terrorist, the company hit the ground running and refused to cooperate. Time later, with the help of an Israeli firm, the American government was able to hack the iPhone and gain access to the information it wanted.
In Apple's view, although it is possible to develop this "GovtOS", it would be too unwise to create a kind of ?master key? for the system since, sooner or later, someone would be able to steal that key leaving millions of users of iPads, iPhones and iPods touch vulnerable.
Showing that the argument is more than valid, the Motherboard reported today that in mid-January a hacker stole 900GB of data from Cellebrite (responsible for helping the FBI to unlock the terrorist's iPhone 5c), suggesting that the company sold its spy technology to governments in Turkey, the United Arab Emirates and Russia.
Now, confirming that not even a company specializing in espionage can protect itself today, the hacker responsible for the theft published the cache of files allegedly stolen from Cellebrite related to old Android, BlackBerry and iPhone devices.
Motherboard, the hacker made the following statement: ?The debate around backdoors it won't disappear. Instead, it is almost certain to become even more intense as we move towards a more authoritarian society. It is important to demonstrate that when you create these tools, they will leak. History must make that clear. ?
For those who don't know, Cellebrite is a company specialized in extracting data from cell phones for intelligence agencies. The company's most famous product Universal Forensic Extraction Device (UFED), software embedded in a device the size of a laptop that, when connected to a phone, can extract SMSs, emails and more. Also according to Motherboard, the state police and American highway patrol agencies have spent millions of dollars together on the technology marketed by Cellebrite.
The hacker claimed to have retrieved the data from a remote company server, extracting it from UFED images. The files were encrypted, but everything was properly circumvented by him. Speaking specifically of iOS, the hacker noted that many of the codes related to Apple's mobile operating system are similar to those used by the community jailbreak (perhaps because most of these codes created / used by hackers in the community will be public).
The security researcher Jonathan Zdziarski looked at the files and joined in with the hacker, agreeing that some of the iOS files were almost identical to the tools created and used by the community jailbreak, including patched versions of Apple firmware designed to break security mechanisms on older iPhones. Want an example? A series of configuration files refer to limera1n, a configuration tool jailbreak created by the famous Geohot; others were quite similar, slightly modified, adapted for research purposes to the QuickPWN tool codes.
Taking hers out of the line (or "Joo Sem Brao", as you prefer), Cellebrite said Motherboard that "the referenced files are art of the package distributed to the applications and are available to our consumers", and that "they do not include any source code". However, as was cache of the data includes much more.
Was Apple right or wrong in stating that, sooner or later, if ?GovtOS? was really created, would it be stolen? The game of cat and mouse always exists, there's no way