Insights For Success

Strategy, Innovation, Leadership and Security

Hackers that hacked Cellebrite released a data dump

General | Edward Kiledjian

Image from the Cellebrite website

Cellebrite is an Israeli company that specializes in tools (hardware and software) to break cell phone security. The Universal Forensic Extraction Device (UFED) is their most popular product and it can extract info from a wide variety of cell phones in minutes. Needless to say, law enforcement loves Cellebrite and has made them a very wealthy company. 

Cellebrite confirmed that it was breached and that 900 GB of data was taken (which we believed contained end-user licensing information). Cellebrite was quick to point out that neither passwords nor payment information were taken.

The hackers have published the dump, which includes source code and customer information but also, more importantly, exploitable vulnerabilities for iOS, Android and BlackBerry.

Cellebrite's UFED uses many of these vulnerabilities to extract the information its customers want from locked or otherwise protected devices.

Motherboard spoke to world-renowned iOS security expert Jonathan Zdziarski, who said the iOS vulnerabilities are already commonly known and therefore nothing earth-shattering. The BlackBerry vulnerabilities haven't been released yet, and those will be interesting.

Obviously, Cellebrite is continuously updating its products with the latest vulnerability discoveries, so it is safe to assume this won't damage their thriving business with law enforcement.

You can see a small sliver of the 900 GB on the Pastebin site (which will quickly disappear, of course).

The links to download the first parts of the dump are here:

  1. https://mega.nz/#!sZUkSbDT!l740KTf5TG-TgjN-YNZcejSOfhUn43jZ8jR3Lw_w7dY

  2. https://mega.nz/#!0d9zBQLI!DdKhZDXoMEnO6RpZDHWMGVV7nBXXZ98cPzjzVqLsVuw

These files may be taken down anytime so... Your Mileage May Vary.

The hackers are promising to release another small dump with files retrieved "via the weaponized Cellebrite update service deployed on MS Windows based devices and desktops".

“Analysis of the compression and obfuscation employed by Cellebrite on products supplied to British MOD juxtaposed with the protection free versions supplied to SOCOM and others is also included within,” added the hacker.

The hackers are hacking the hackers. Let's see how this story unfolds.

Most Snapchat users are on iOS and other cool information

General | Edward Kiledjian

Tech companies are notoriously secretive about their user makeup and their internal operations. Snap filed its paperwork for its IPO (Initial Public Offering) and it makes for a fantastic read. You too can read the S1 here.

As much as Android fans want to pretend they are as vibrant as the iOS community, the Snap S1 begs to differ. They clearly highlight that most users of Snapchat are on iOS, thus making it the priority development platform for the service.

The majority of our user engagement is on smartphones with iOS operating systems. As a result, although our products work with Android mobile devices, we have prioritized development of our products to operate with iOS operating systems rather than smartphones with Android operating systems.
— Snap S1

The other interesting tidbit is that the vast majority of the service operates on Google's cloud service (instead of Amazon AWS and Microsoft Azure). Snap recently signed a $2B 5-year deal with the sultan of search.

We rely on Google Cloud for the vast majority of our computing, storage, bandwidth, and other services.
— Snap S1

They also talk about a continued commitment to innovation and this is seen as a way to improve user engagement and thus improve ad revenue. Hopefully innovation is more than filters and glasses.

Another interesting tidbit is their underhanded acknowledgement of Facebook and its potential to disrupt Snapchat's business model.

Many of our current and potential competitors have significantly greater resources and broader global recognition and occupy better competitive positions in certain markets than we do.
— Snap S1

The final snippet of information I wanted to share was that they aren't profitable and may never be profitable.

We have incurred operating losses in the past, expect to incur operating losses in the future, and may never achieve or maintain profitability.
— Snap S1

Even with this grim view of the world, analysts expect the IPO to be a smash hit. Time will tell but what does it say when investors are willing to spend billions for a company that may never return a penny?

Google Home Super Bowl ad

General | Edward Kiledjian

Google has started taking hardware seriously in recent years with its Chromecast and Pixels. Then Google launched the Google Home, a voice-controlled speaker system that competes directly against the Amazon Echo.

In addition to basic voice control, it brought the Google Assistant (until then reserved for the Pixel line of smartphones) to the masses. You can ask Google Home any question and watch it miraculously respond, leveraging the massive Google knowledge graph.

It can play music from Google Play or Spotify. It can give you weather, news and sports scores. It can do math, spell words and provide definitions. It can even add items to a shopping list.

Continuing its massive advertising spend, Google will showcase Google Home during the Super Bowl with a commercial showing some of its capabilities. Because they show examples of commands, if you own a Google Home or Pixel smartphone, just know they will go off a couple of times.

Tool to check if your favorite username is free on dozens of sites automatically

General | Edward Kiledjian

Whether you are a burgeoning social media star, a marketer or just a lover of everything social, you probably want to use the same username on all the major social media sites. Using the same name makes it easy for your adoring fans to find you.

This is when an online service called NameCheckr comes into play. You enter the desired username and it checks the sites for availability. The sites included in its search (as I write this) are:

  • Domain (.com)
  • Domain (.net)
  • Domain (.org)
  • Domain (.io)
  • Facebook
  • MySpace
  • GitHub
  • About.Me
  • Twitter
  • Instagram
  • Vimeo
  • Papaly
  • Google+
  • YouTube
  • GetSatisfaction
  • StumbleUpon
  • Tumblr
  • Meetup
  • FeedBurner
  • Blogger
  • Reddit
  • Pinterest
  • FourSquare
  • Pinterest
  • Flickr
  • Ello
  • Dribbble
  • Last.FM
  • IFTTT

Click on the load more option and you also get:

  • Vine
  • DeviantArt
  • Kinja
  • Spotify
  • ETSY
  • LiveJournal
  • Badoo
  • Disqus
  • eBay
  • Technorati
  • WordPress
  • Behave
  • Domain (.co)
  • Domain (.us)
  • Domain (.cc)
  • Domain (.me)
  • Domain (.biz)
  • Domain (.info)
  • Domain (.de)
  • Domain (.at)
  • Domain (.eu)
  • Domain (.ru)
  • Domain (.jp)
  • Domain (.mobi)
  • Domain (.in)

Click on any of the services showing the name is available and it will take you to the page where you can register it on that service.

Testing the service

As a test, I ran ekiledjian through the service and after a couple of minutes of processing, it showed me which services had it available or not.

Bypass that machine and speak to a human

General | Edward Kiledjian

Regardless of the sales pitch companies make, most self-service initiatives are to save the company money and not necessarily to improve the customer experience. Automated interactive voice support systems are no exception. Everyone dreads entering the maze of never-ending menus filled with frustration and annoyance.

There is a better way. What if you could bypass the machine and go straight to a living, breathing human? Welcome to the salvation that is GetHuman.com.

Let's say I want to call Bell Canada:

Go to GetHuman.com and search for the company

Then you choose the purpose of the call

Let's use cancel service

And here they try to sell you their service, which is obviously annoying since the info was built by thousands of users when the site was first created (and was free, by the way). This is immensely frustrating but there is a workaround.

Trick to get the information for free

Download the GetHuman app on iOS or Android and the information you seek will be provided for free.

Here is the Bell Canada information.

The middle box gives you all of the information you need to quickly navigate the Interactive Voice Response menu. Some listed companies are no longer in business because the free updates from customers stopped when they started pissing off users by trying to charge for everything, but I still find 85% of the info I need.

We don't know if the mobile apps will one day be updated and become for-pay also, but use it now while you can. Great resource that has saved me a ton of time.