Just a couple of weeks ago, we wrote about the Israeli security firm Cellebrite, and how it suffered a major data breach. After the information began to trickle out, it seemed like no real damage was done. Cellebrite itself said that what leaked was an old, irrelevant backup. A new discovery, however, questions that answer.
If you're not familiar with Cellebrite, it was the firm that the U.S. government hired to break into an iPhone 5c to aide with investigation of the December 2015 San Bernardino terror attack. Apple at the time refused to help crack the phone, so Cellebrite was brought in, and succeeded. Not long after, the firm boasted about its ability to crack nearly any smartphone - be it iOS- or Android-based.
When we reported on the company's data leak weeks ago, we didn't realize at the time that actual code had slipped out. Instead, it seemed like it was only customer information, and outdated information at that. However, the hacker that managed to take off with Cellebrite's data has just released it online, and it allegedly includes lots of code that could help anyone accomplish the same goals Cellebrite did - to break into aging smartphones.
"Aging" is the key word here, because it does appear that the code that's leaked would affect only phones that are a few years old. Following the entire iPhone 5c cracking debacle, both Apple and Google strengthened their respective OSes to prevent this kind of hacking from happening again.
That being the case, if you have a modern smartphone, this leak isn't likely to impact you. If you're still rocking an aging phone, the potential is there, but the phone would still have to wind up in someone else's hands. If you're using an older phone and can't upgrade to a newer one, you also have the option to install community ROMs to replace the one on your device, but that's entering an area for experienced users only.
So, what's the lesson here? If someone creates a tool that can crack a device, there's no assurance that it won't eventually find its way into the wild.