You can buy the feds’ favorite phone hacking tool for $100 on eBay

Shutterstock

Israeli-made gizmos costing thousands of dollars that are used by law enforcement agencies worldwide to hack mobile phones are being hawked on eBay for as little as $100 apiece.

The Cellebrite UFED has been used by US federal agencies, including the FBI and Immigration and Customs Enforcement, to break open iPhones, Androids and other devices to retrieve valuable data, according to Forbes.

New units cost at least $6,000, but used versions being peddled on the auction site can be snatched up for anywhere from $100 to $1,000, according to the report.

Not surprisingly, the company is not happy.

Rather than returning the high-tech machines to Cellebrite for proper decommissioning, police agencies or individuals apparently are selling them without wiping them clear first, the mag reported.

Cybersecurity experts are now warning that valuable data and sensitive hacking tools could have ended up in the wrong hands as a result.

Two sources from the forensics industry have provided the mag a letter from Cellebrite warning its customers not to resell the high-tech machines, which could be used to access people’s private information.

Training academy Hacker House CEO Matthew Hickey, who bought several of the devices and probed them for data, discovered that they contained valuable information, including mobile identifier numbers like IMEI codes.

“I would feel a little awful if there was a picture of a crime scene or something,” he said.

In one screenshot Hickey provided to Forbes, the previous UFED user had raided phones from Samsung, LG, ZTE and Motorola.

Hickey also found what appeared to be Wi-Fi passwords that could’ve belonged either to police agencies or private entities that had access to the devices, including independent investigators and business auditors.

“You’d think a forensics device used by law enforcement would be wiped before resale. The sheer volume of these units appearing online is indicative that some may not be renewing Cellebrite and disposing of the units elsewhere,” Hickey said.

“Units are intended to be returned to vendor precisely for this reason, people ignoring that risk information on the units being available to third parties,” he said.

Cellebrite hadn’t returned multiple emails from Forbes seeking comment in the past two weeks.