ASIC, ATO, AFP and Defence buy services of phone-hacking company Cellebrite

APTFilter AVGNews CERT-LatestNews FSecureNews KasperskyNews Malware McAfeeNews Security News SocialEngineering SophosNews SymantecNews ThreatsActivists ThreatsCybercrime ThreatsEconomic ThreatsStrategic TrendMicroNews Uncategorized VulnerabilitiesAdobe VulnerabilitiesAll VulnerabilitiesApple VulnerabilitiesApplications VulnerabilitiesCisco VulnerabilitiesCrypto VulnerabilitiesDBMS VulnerabilitiesFirmware VulnerabilitiesGoogle VulnerabilitiesHardware VulnerabilitiesLinux VulnerabilitiesMicrosoft VulnerabilitiesMozilla VulnerabilitiesNetwork VulnerabilitiesOS VulnerabilitiesVMWare VulnerabilitiesVOIP

Australian government departments have been using services from the same technology company believed to have helped the FBI hack the phone of the San Bernadino shooter.

Government contracts show the Australian Taxation Office, Australian Securities and Investment Commission, Department of Employment, Australian Federal Police and Department of Defence have almost spent a combined $500,000 on Cellebrite and related services from Australia-based providers.

The Cellebrite system can extract data from a variety of phones. The Cellebrite system can extract data from a variety of phones. Photo: Tessa Stevens

The Australian government is currently pushing for laws to force technology companies to help authorities decrypt their devices or messaging services.

The company, Cellebrite, gained global attention in 2015 after they’re believed to have helped the FBI crack the iPhone of San Bernadino shooter Syed Rizwan Farook.

The FBI feared Farook’s phone would be wiped after too many unsuccessful access attempts and asked Apple to create software to bypass the lock.

Apple refused, saying it would set a precedent and the ‘backdoor’ exploit could fall into the wrong hands. The FBI took Apple to court but dropped the case after they gained access, potentially with the help of Cellebrite.

The Australian Federal Police currently have a software license valued at $160,000 with Cellebrite’s Asia Pacific branch expiring November 14, 2017.

The Australian Securities and Investments Commission currently has a $54,000 software license for Cellebrite with Melbourne-based Point Trading, expiring June 30, 2018.

The Cellebrite system has a cable for every phone on the market. The Cellebrite system has a cable for every phone on the market. Photo: Tessa Stevens

Cellebrite’s main product, the Universal Forensic Extraction Device, allows users to bypass security features on smart phones and extract data, including messages and call logs.

ASIC also paid Cellebrite $15,000 directly for licenses for its physical analysis software and Point Trading over $13,000 for a UFED device.

It’s unclear whether agencies have to acquire a warrant to use Cellebrite technology on Australian devices.

In November 2016, the Australian Taxation Office paid over $42,000 for “physical analyst training” in Melbourne.

The Department of Defence’s Maritime Systems Division paid defence contractor Thales Australia over $88,000 for training in Cellebrite use.

This is after the now-Defence Science and Technology’s information and weapons systems division paid Point Trading over $16,000 in May 2011 for Cellebrite accesories and software.

The contract period was from March 6 to March 31 this year.

The Department of Employment also paid Point Trading $10,620.50 for access to a desktop version of Cellebrite’s UFED from August 13, 2015 to August 14, 2016.

All of the departments were contacted for explanations on why they were using Cellebrite technology but were unable to comment before deadline.

Cellebrite itself was hacked earlier this year, with customer information and databases stolen from external servers.

Victoria Police were considering the use of a ‘textalyser’ device in 2016, allowing police to scan drivers phones when stopped for roadside tests to see if they’d been using the phone whilst driving.

Do you know more? Get in touch via [email protected] or using the app Signal on your smart phone via 0437 464 126.