Notifications
Clear all

Cellebrite leak

18 Posts
6 Users
0 Likes
2,047 Views
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
Topic starter
 

Maybe there is a problem (ethical) behind some tools 😯
https://motherboard.vice.com/en_us/article/hacker-dumps-ios-cracking-tools-allegedly-stolen-from-cellebrite

jaclaz

 
Posted : 04/02/2017 1:17 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Disagree completely. Cellebrite has proven over years that they provide highly professional tools and services. In addition an external web! server (not internal, not filer) was hit. Working with external partners contains always a certain risk on all aspects you cannot control.

There is no ethical problem at all.

 
Posted : 04/02/2017 2:10 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
Topic starter
 

There is no ethical problem at all.

If you don't see it, then there is not one for you (but there still is one for those that can see it).

In my personal ethics (provided that what is written in the article is correct) there is (as said hypothetically) a serious mis-representaton of the sources and possibly also IP (Intellectual Property) theft, let alone breaking Copyright and no-redistribution policies.

jaclaz

 
Posted : 04/02/2017 5:20 pm
passcodeunlock
(@passcodeunlock)
Posts: 792
Prominent Member
 

In my personal ethics (provided that what is written in the article is correct) there is (as said hypothetically) a serious mis-representation of the sources and possibly also IP (Intellectual Property) theft, let alone breaking Copyright and no-redistribution policies.

jaclaz

jaclaz's cautious approach to the subject is fair, please read and understand the full sentence and not only parts of it )

The big problem is that we all get only partial informations from different sources, which could be reliable or not. As outsiders, we can't know about internal agreements and contracts of a company and the other 3rd parties involved.

Until there aren't proven things pro or contra, the best is to stay neutral to this ethical or not subject.

 
Posted : 04/02/2017 8:44 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

http//www.cellebrite.com/Mobile-Forensics/News-Events/Press-Releases/cellebrite-statement-on-information-security-breach

 
Posted : 04/02/2017 10:02 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
Topic starter
 

http//www.cellebrite.com/Mobile-Forensics/News-Events/Press-Releases/cellebrite-statement-on-information-security-breach

That statement is ONLY about the leaking of usernames/passwords/contacts of customers, it relates to this article
https://motherboard.vice.com/en_us/article/hacker-steals-900-gb-of-cellebrite-data
NOT to the one in first post, to this latter this statement (to Motherboard) is all we have

A spokesperson for Cellebrite told Motherboard in an email "The files referenced here are part of the distribution package of our application and are available to our customers. They do not include any source code."

jaclaz

 
Posted : 04/02/2017 11:38 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Correct, but the press release is an integral part of the issue and its an OFFICIAL statement of the company itself versus a press voice.

 
Posted : 05/02/2017 12:07 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
Topic starter
 

Correct, but the press release is an integral part of the issue and its an OFFICIAL statement of the company itself versus a press voice.

Look, these are DISTINCT issues within the SAME data leak
1) the leak of some customer contacts/data/passwords
2) the report that BESIDES the above the leaked data contains files (that allegedly - per Celebrite spokesperson cited - are part of the distribution package) <- No, I don't think that Motherboard wouldn't invent this
3) the hypothesis that some of such "part of the distribution package" - once decrypted - contain code of dubious or misrepresented origin (either non-redistributable or however whose IP is not correctly represented).

The cited article (AND the reported Cellebrite spokesperson statement) deal with #2 and #3, whilst the older article (AND the mentioned Cellebrite press release) deal with #1.

jaclaz

 
Posted : 05/02/2017 2:20 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
 

Already Jan 24th Cellebrite posted especially for Forensic customers this statement

http//www.cellebrite.com/Mobile-Forensics/News-Events/Press-Releases/Update-on-Information-Security-Investigation-to-Forensic-Customers

@jaclaz Did you know this before?

 
Posted : 05/02/2017 6:22 pm
(@shahartal)
Posts: 27
Eminent Member
 

Hi,
Cellebrite here.
Unfortunately, I cannot talk about details of the ongoing criminal investigation as well as the information stolen from Cellebrite.
At this point I can clearly say that many of the articles include false assumptions and misleading titles that fail to represent reality.

Shahar

 
Posted : 05/02/2017 7:41 pm
Page 1 / 2
Share: