mobile forensics | Breaking Cybersecurity News | The Hacker News

The Israeli firm Cellebrite , which provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had its firmware and software leaked online. Yes, you heard that right. Cellebrite's most sensitive in-house capabilities have been made public by one of its products' resellers, who is now distributing copies of Cellebrite's firmware and software for anyone to download. The apparent reseller is McSira Professional Solutions , which hosts software for various versions of Cellebrite's Universal Forensic Extraction Device (UFED). UFED is one of the company's key products that help investigators bypass the security mechanisms of mobile phones, especially iPhones, and extract all data and passwords from them. For the Cellebrite's hand on iOS devices, you can watch the 2015 YouTube video (below), which demonstrates one of the company's products that unlocked the iPhone device in few hours. Download  L

The FBI didn't disclose the identity of the third-party company that helped them access the San Bernardino iPhone, but it has been widely believed that the Israeli mobile forensic firm Cellebrite was hired by the FBI to put an end to the Apple vs. FBI case. For those unfamiliar in the Apple vs. FBI case: Apple was engaged in a legal battle with the Department of Justice over a court order that was forcing the company to write software, which could disable passcode protection on terrorist's iPhone, helping them access data on it. However, Apple refused to comply with the court order, so the FBI hired an unknown third-party firm, most likely Cellebrite, who managed to successfully hack the locked iPhone 5C used by the terrorist in the San Bernardino shooting incident last year. The new method helped the Federal Bureau of Investigation (FBI) to hack iPhone 5C, but that wasn't the FBI's victory as the method didn't work on iPhone 5S and later iPhone

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or

The security features built into Apple 's iOS software are so good that the police are unable to gain access to defendant's iPhones when they need to.  Companies like Apple and Google are being asked by law enforcement officials to bypass these protections to aid in investigations. Apple receives so many police demands to decrypt seized iPhones that it has created a waiting list to handle the deluge of requests. In one of the recent cases, according to court documents, the federal agents were baffled by the encrypted iPhone 4S of a man in Kentucky who was charged for supplying crack cocaine. CNET reports that ATF agent Rob Maynard spent three months trying to "locate a local, state, or federal law enforcement agency with the forensic capabilities to unlock" an iPhone 4S. After everyone said that they did not have the capabilities, Maynard turned to Apple. Apple can reportedly bypass the security lock to get access to data on a phone, download it to an external devic

Using a new attack on most popular Android phones platform, a team of researchers in Germany managed to grab stored cryptographic keys if the device is frozen state for an hour. The method which able to bypasses Google's data scrambling encryption system introduced in Android 4.0 Ice Cream Sandwich to reveal the phone's hidden data, when leaving Android phones in a freezer until they fell below -10 degrees Celsius, which revealed previously scrambled data, including contact lists, browsing histories, and photos. The team developed software called FROST , Forensic Recovery of Scrambled Telephones, which lets them copy data from the phone for analysis on a computer. Abstract   explains ," We present FROST, a tool set that supports the forensic recovery of scrambled telephones. To this end we perform cold boot attacks against Android smartphones and retrieve disk encryption keys from RAM. We show that cold boot attacks against Android phones are generally possible fo