Every product here is selected by Mashable journalists. ” class=”microcontent” data-fragment=”lead-image” data-image=”https://mondrian.mashable.com/uploads%252Fcard%252Fimage%252F942386%252F13285dfb-34ef-463b-ab00-40c5ba0302af.png%252F950x534__filters%253Aquality%252890%2529.png?signature=zr4YhRETdrbF8p1VoEuCsrOQbyg=&source=https%3A%2F%2Fblueprint-api-production.s3.amazonaws.com” data-micro=”1″ data-url=”null” src=”https://mondrian.mashable.com/uploads%252Fcard%252Fimage%252F942386%252F1
Hacking a smartphone just got a whole lot cheaper.
A tool once favored by law enforcement for pulling data off locked phones is now available to the general public. We can not imagine the Israel-based company behind the Cellebrite hacking device is all that pleased with its newly expanded customer base, but here we are. There are a lot of things that can be done on eBay – where a quick search shows as low as $ 50.
According to Forbes which first reported the news, a brand new Cellebrite device is set to law enforcement back around $ 6,000. Things are quite a bit cheaper on the online auction site, where one seller has to pay between $ 50 to $ 70.
That's quite the discount.
Notably, Cellebrite appears to be extremely displeased with the resale of its phone-cracking tech. Matthew Hickey a security researcher and co-founder of Hacker House, purchased a Cellebrite UFED-36 mode on eBay, and proceeded to tweet an analysis and breakdown of the device.
Cellebrite UFED-36 model innards, FPGA, Intel Xscale processor, WinCE 5.0. trying to dump the flash ROM without removing the BGA chips. There is a debugger header with a mix of 5V and 3V signal logic. I want to install Linux on it. pic.twitter.com/6QpE88nvZA
– Hacker Fantastic (@hackerfantastic) February 27, 2019
Shortly thereafter, Hickey tweeted what looks like a Cellebrite admonishing resellers.
"As part of Cellebrite's inventory control process we need to make sure that our products are used by the original owner," read the statement.
We reached out to the company to confirm that the message is in fact authentic, but did not receive a response as of press time. If it is legit, however, the statement makes clear that the stakes are higher than just Cellebrite's profit margins.
"Since it may be possible for these devices (including old devices as the discontinued touch) to access private information," the statement warns, "we ask that you treat any Cellebrite equipment within your organization with the highest degree of security . "
In other words, the old models may still be gaining access to smartphones. Forbes Forbes Forbes Forbes The Cellebrite was used, what types of phones were searched for, and what kind of data were pulled off those phones – on the device he purchased.
Essentially, these smartphone hacking tools – possibly used by law enforcement agencies – appear to have been wiped before resale.
And now all that data, and the means to get more, can be a hacker for the low $ 100 or less.