In a recently leaked training video, Cellebrite shows users how to exploit its software, provided they keep the information to themselves. The importance of this condition is obvious: this software can access almost any iPhone in the world, and the main users are none other than certain governments and police departments.
In the following article, we've translated the complete video transcripts they sell to governments! You'll be amazed how they managed to do it! keep the secret until today !
Cellebrite recommends discretion not only to attract a discreet clientele, but also for the safety of all. The company states that leaks could harm the entire international law enforcement community. It would be catastrophic if such tools fell into the hands of malicious forces.
For those who don't know Cellebrite, here's an example of what they do:
Any other software that does the same thing?
It's not just Cellebrite that develops tools for accessing iPhones. Pegasus, another famous spyware application, is used by countries such as Morocco. Rumors are circulating that the French secret services are developing software, and other companies such as Grayscale offer similar services.
You also have Mspy, which allows you to hack several applications such as :
- How to hack Instagram.
- Make it possible to hack Facebook.
- Make it possible to hack SnapChat
- And hack whatsapp
Transcription of the Cellebrite private training video:
Here is the full transcript of the training video:
I'm glad you could join us. And I'm happy to launch this initial module covering system overview and orientation for Cellebrite Premium. Thank you and enjoy.
Did you know that Cellebrite Advanced Services has 10 laboratories in nine different countries around the world? Well, to take advantage of all these capabilities, we're working together to bring you this training, so you'll hear from colleagues from all over the world. The following list are those who make up this current set of modules, so I hope you'll enjoy meeting each and every one of them.
Before we start, it's very important to review the confidentiality and operational security issues that we have to respect when using Cellebrite Premium, not only ourselves in our own Cellebrite Advanced Services laboratories, but especially you in your own laboratories around the world.
Well, we have to recognize that this capability actually saves lives. And in situations where it's too late, we help to put an end to victims' families and, ultimately, solve crimes and put people behind bars. So it's very important to keep all these capabilities as protected as possible, because ultimately, leaks can be detrimental to the entire law enforcement community worldwide.
In a little more detail, these capabilities that are built into Cellebrite Premium are actually Cellebrite trade secrets, and we want to continue to ensure their viability so that we can continue to invest heavily in research and development, so that we can give these capabilities to law enforcement around the world. Your role is to ensure that these techniques are protected to the best of your ability, and to consider them as "law enforcement sensitive" or to classify them at a higher level of protection in your country or agency.
And the reason is that we want to make sure that widespread knowledge of these capabilities doesn't spread. And, if the bad guys find out how we get into a device, or that we're able to decrypt a particular encrypted messaging app, when they might move on to something much, much harder or impossible to overcome. don't want that.
We are also aware that phone manufacturers are constantly looking for ways to improve the security of their products. And the challenge is already as difficult as it is, but we continue to make very good inroads. Please don't make our job any harder than it already is.
And at the end of the day, we don't really want techniques to be disclosed in court through discovery practices, or you know, ultimately in testimony, when you're sitting on the stand, producing all this evidence and discussing how you got into the phone. At the end of the day, you've extracted the data, it's the data that solves the crime. How you got in, let's try to keep that as quiet as possible.
And now to operational or "opsec" security. This starts with the physical protection of the premium system and all its components that you received in the kit.
Those little bits that make all that capability... magical. These are very sensitive assets, and we want to make sure that no tampering or other curiosities are used on these devices. And in some cases, there's a risk of tampering and disabling the component, and that's something you really don't want to do, because it could prevent your agency from having the capability while you're waiting for a replacement.
What's more, exposure of any of these premium features could be very detrimental to the global law enforcement environment. So, be careful with information sharing, whether it's in face-to-face conversations, over the phone, on online newsgroups, via e-mail - other things like that - just try to keep it sensitive and don't go into too much detail.
As for written documentation, obviously you don't want to divulge too much in your court reports. But definitely put in the bare minimum to make sure a layman can understand the basic concepts of what was done.
Certainly mention that you've used Premium, you can mention the version, but don't go into detail about what you've done with the phone: either manipulate it, or anything that appears on the Premium GUI itself.
And when it comes to technical operations and quality management within your organization, please be wary that any document you create as a standard operating procedure could be seen by an external auditor for ISO 17025 or others likely to apply a freedom of information law. request in your agency in any law of your country.
So be careful with it. You need to protect it as best you can. And the other additional factor you may not be aware of is that failed exploits on devices - if they're able to connect to the network - could phone home and inform the manufacturer that the device is under attack. And with enough knowledge and intelligence, it's possible that phone manufacturers will discover what we do to achieve this magic. So please do your best to follow all instructions and make them the best possible procedures [sic] in the future.
As a result, the software was designed for government use only, and not for the general public. Those who want to hack an iPhone will have to go to Mspy.
Thank you for this very informative article