Wednesday, March 6, 2019

TWRP for Samsung S9 and S9+ is now officially available

Many of Samsung's phones, including its flagship Galaxy S and Note series, ship with different processors depending on where they are sold. Some models have the company's own Exynos chips, while others have Snapdragon processors. Almost one year after the phone's release, the TWRP custom recovery now has official builds for the Snapdragon Galaxy S9/S9+.
The recovery image is specifically for the SM-G9600 (S9) and SM-G9650 (S9+) models, which are sold in Hong Kong and Latin America. Those of you with a United States S9 are still out of luck, since Samsung doesn't allow bootloaders on those phones to be unlocked.
Recovery images for the Galaxy S9 (starqltechn) and S9+ (star2qltechn) are available from TWRP's website.
Kagame’s insanity: Rwanda asks Museveni to kick out top tycoon.
By: sadabkk@observer.ug
There are many reasons argued publicly and privately by officials on both sides of the conflict for the current border standoff between Rwanda and Uganda, but government insiders have nailed it down to one: Kampala’s outright refusal to turn against a very prominent Rwandan businessman hugely invested in this country.
Two weeks before Rwanda closed its borders with Uganda on Wednesday last week, the Rwandan high commissioner to Kampala met President Museveni and communicated several requests for action against particular dissidents.
A well-placed government of Uganda source has told The Observer that Maj Gen Frank Mugambage reportedly arrived with, among others, a request that Uganda should close businesses owned by Tribert Rujugiro Ayabatwa, a very wealthy Rwandan national running a string of enterprises in Uganda. The Rwandan government believes Rujugiro is pumping money into subversive activities being carried out on Ugandan soil against Kigali.
Rujugiro is the man behind the Meridian Tobacco Company, a $20 million (Shs 72 billion) operation which opened in the West Nile town of Arua last year. The Arua plant is a subsidiary of Pan-African Tobacco group, the manufacturers of Supermatch cigarettes.
But with Kampala not responding positively to the message delivered by Mugambage, tensions quickly mounted between the two countries. By Monday evening, Rwandan troops were seen deploying along hilltops near the common border. Days earlier, their Foreign Affairs minister Richard Sezibera accused Uganda of torturing and harassing Rwandan nationals here, while at the same time harbouring subversive elements plotting to topple the government in Kigali.
Security sources tell The Observer that Rujugiro switched some of his investments to Uganda in 2013 after he fell out with Rwanda president Paul Kagame. A former close associate, Rujugiro was part of the 12-man presidential advisory council Kagame named in 2009, headed by former British prime minister Tony Blair. The government source said that Museveni demanded proof from Mugambage that this businessman was indeed fanning activities designed to destabilise Rwanda.
“The president of course asked for credible evidence to prove their claim because we can’t simply close his businesses without a basis,” the source said.
“The president also asked Mugambage what assurance [Rwanda] had that if we close his [Rujugiro’s] businesses, he will not find another channel [of funding the alleged activities] because he is an international businessman.”
Concerned about the 352 direct jobs which Rujugiro has created in Arua, and the 15,000 smallholder farmers plus another 1,600 occasional workers such as transporters doing business with Meridian, Museveni reportedly declined to grant Rwanda’s request. Instead, he reportedly told Mugambage that he needed time to engage Rujugiro.
Museveni is also understood to have said that he would either advise Rujugiro to find a buyer of his choice to take over the tobacco factory, or ask him to relocate the plant to another country. Kigali believes that a retired senior Ugandan military officer (names withheld), with very close links to a high office, holds a 15 per cent stake in the Arua tobacco factory.
The other request Mugambage is said to have brought to the meeting was for Museveni to get an unnamed cattle keeper with a ranch in Bukomero, Kiboga district, sent back to Rwanda. The ranch is said to be stocked with over 1,000 head of cattle.
“If you participated in the NRA liberation war, and you know how cattle keepers and other peasants aided the war, you are right to lose sleep over such a rancher,” the security source said.
Also on Mugambage’s shopping list was a request that the owner of a bus company which plies the Dar-es-Salaam – Nairobi – Kampala – Kigali route be repatriated. Interviewed on Monday, government spokesman Ofwono Opondo declined to speak about the Rujugiro case.
“We don’t discuss particular individual cases, but Rwanda has been engaging the ministry of Foreign Affairs and security agencies with a list of low and high-profile people, some of whom came here as refugees, whom they say are involved in subversive activities,” Opondo said.
But given its adherence to UN protocols on refugees, Opondo said, Uganda has always worked with the UN to facilitate their relocation to other countries such as Canada. Rujugiro himself relocated from South Africa to Canada.
THE FALLOUT
Rujugiro first spoke about his fall-out with Kagame on November 20, 2013 on the Straight Talk Africa show hosted by Voice of America’s Shaka Ssali. According to The News of Rwanda, a Kigali-based publication, Rujugiro’s point of departure with Kagame came after his arrest in London following an arrest warrant issued by the South African prosecution office over alleged tax evasion.
The tycoon allegedly expected Kigali to intervene on his behalf. But when no help came through, he turned against Kagame, linked up with Rwanda Defence Forces (RDF) deserters like Lt Gen Kayumba Nyamwasa and the late Patrick Karegeya to form the Rwanda National Congress (RNC). The RNC is one of the groups Kigali says is involved in clandestine activities against it from Uganda.
That same year, the Rwandan government confiscated Rujugiro’s properties as accusations of trying to topple Kagame’s government and tax evasion increased against him. Two years ago, in September 2017, the Rwandan government through Rwanda Revenue Authority, auctioned Rujugiro’s prestigious shopping mall in Kigali. Kigali Investment Company bought the mall at $8 million, $12 million lower than the amount Rujugiro claims to have spent constructing the building.
BUSINESS CHAIN
According to an article published on January 1, 2019, by Forbes Magazine, an American business magazine, Rujugiro owns Africa’s biggest tobacco company that has footprints in Burundi, Democratic Republic of Congo, South Africa, Tanzania, Nigeria, South Sudan and the United Arab Emirates.
The magazine describes him as Africa’s largest indigenous producer of cigarettes and other tobacco products, and puts his annual revenue at more than $200 million, with more than 7,000 employees.
Voice of America in 2013 also reported that besides cigarettes, Rujugiro is into tea processing, manufacture of plastic shoes and cement with factories in ten African countries. The radio also said he is trading in 27 African countries and the Middle East.
Rujugiro’s business dealings can be traced to as far back as 1978 in Burundi where he lived as a refugee.

Sunday, March 3, 2019

Arrested for selling a gun

The Chieftaincy of Military Intelligence is holding an armourer at Kampala Central Police Station for selling police guns.
Sgt Hannington Mugungira is being detained at the CMI-manned Special Investigations Division in Kireka after police guns went missing in February this year.
It is reported that during the audit, guns were discovered missing, and a further probe discovered that Mugungira had sold two pistols.
A source at Kampala CPS told one tabloid that the suspect admitted that he sold the pistols, which further led CMI operatives to the arrest of one Akampulira from Maestro Security Company, who is the buyer of the said guns.
Luke Owoyesigire, the Kampala Metropolitan deputy police spokesperson, when contacted for a comment, said the matter was being handled by CID headquarters in Kibuli.
Owoyesigire referred this online newspaper to SP Vicente Sekate, the CID spokesperson, for more details, but he could not be reached by press time.
Six Police officers were in 2017 arrested at Kampala Central Police station (CPS) over a break-in at the station’s armory.
The police officers are said to have been guarding the station when unknown thugs raided the station and took off with two AK47 guns and 60 bullets.
The stolen guns and bullets were later recovered in Iganga district.
Details indicated that the guns had been hired out to criminals.
It is alleged that some policemen connived with the officer in charge of the armory to secure the guns and hire them out to criminals for an unknown amount. The criminals were expected to return the guns after their mission.
However, the guns were discovered missing on a Sunday when some officers on duty were supposed to use them. Upon realizing that they were about to be busted, the implicated officers tried to break the armory lock to make it look like a break-in, but it was too late.

Are you safe with your Huawei phone?

Cyber-espionage has been going on for years. In one famous example in 2012, it emerged that China had hacked UK defense firm BAE Systems to steal data about a $264 billion F-35 Joint Strike Fighter (JSF) jet. And it wasn’t the first time the country had been accused of stealing military jet plans.
But recently, the focus has moved to Chinese companies, particularly those that manufacture network equipment as 5G services start to roll out. So, why is all the focus on Huawei, and how secure is it to use its products and services?
Founded in Shenzhen, Guangdong, in 1987 by Ren Zhengfei, a former People's Liberation Army officer, the firm is owned by 80,000 of its 180,000 employees. Like its rivals Nokia and Ericsson, Huawei has manufactured mobile network equipment for years.
During the last decade or so it has stormed into the consumer market as a smartphone manufacturer and now owns 16% of the market. At Mobile World Congress (MWC) this week, it became the latest to announce a folding smartphone with the launch of the Mate X.
The story so far
There is growing concern about Huawei from governments around the world. So much so, that many have blocked telecoms companies from using Huawei gear in next-generation 5G mobile networks.
So far, the US and Australia have banned Huawei from providing equipment for their 5G networks, while Canada’s relationship with the firm is under review. There is also concern among European telecoms network operators, with some considering removing Huawei’s equipment. BT, for example, has removed Huawei equipment from key parts of its 4G network.
At the same time, the UK has expressed concerns, with the National Cyber Security Centre (NCSC) asking Huawei to fix issues that could pose a new risk to the network.
The US is particularly concerned about Ren’s military background. And the State Department's top cyber official, Robert Strayer, certainly thinks there is an issue.
"A country that uses data in the way China has - to surveil its citizens, to set up credit scores and to imprison more than 1 million people for their ethnic and religious background - should give us pause about the way that country might use data in the future," Strayer said, according to The Washington Post. "It would be naive to think that country, [given] the influence it has over its companies, would act in ways that would treat our citizens better than it treats its own citizens."
Meanwhile, the daughter of Huawei’s founder, Meng Wanzhou, was last year arrested by Canadian authorities, after the US government alleged that she was assisting Huawei in dodging US sanctions on Iran. She and the firm deny any wrongdoing.
Are Huawei phones safe?
Last year, Huawei phones were banned by networks including Verizon and AT&T after being labelled a security threat. Meanwhile, tech site Tech.Co interviewed Timothy Heath, senior international defense research analyst at the RAND Corporation, who believes it is entirely plausible that the firm’s phones could be used to spy:
“The threat is legitimate, given the murky links between Huawei and Chinese authorities. The Chinese state has the authority to demand tech companies like Huawei turn over useful information or provide access to the communications and technologies owned and sold by Huawei.
"Chinese authorities can use this information and access to facilitate espionage or cyber attacks over Huawei communications technologies. Consumer tech devices like phones that rely on Huawei technologies will be easier for Chinese authorities to penetrate and exploit for these reasons.”
He added: “Tech companies play a critical role in developing the dual use technologies that the PLA needs to fight a hi-tech war against world class militaries like that of the United States.”
What about Huawei network equipment?
As an equipment vendor, it is technically possible for Huawei to conduct espionage through the network, or even for it to disrupt communications with disastrous consequences. As more devices are connected to the internet, including autonomous vehicles and electrical grids, this threat becomes all the more real.
The risk becomes bigger with 5G because the way the networks are designed and run makes it harder to monitor security, according to the head of the UK's intelligence service MI6, Alex Younger.
However, many of the UK providers including EE, Vodafone and Three have been working with Huawei to build their 5G networks. They are currently waiting for the UK government to decide whether they will be permitted to carry on doing so, with a decision coming in Spring this year.
China's National Intelligence Law passed in 2017 says organizations should "support, co-operate with and collaborate in national intelligence work".
But a Huawei spokesperson says: “We are a private company owned by employees and comply with applicable laws and regulations. If we are forced to maliciously violate the trust of our customers, we would rather shut the company down. We are committed to developing the most innovative and secure technology, to bring digital to every person, home and organization for a fully connected, intelligent world. We will make all sacrifices – at any cost – to defend security without hurting any country, any organization, or any individual. This is our highest agenda.”
What does Huawei say?
It’s Mobile World Congress this week, so what better place for Huawei to hit back at recent comments from the US? During his keynote, Huawei chairman Guo Ping denied that the firm spies on behalf of its country’s government. It has "no evidence, nothing", he said, adding that the vendor had never planted backdoors in its equipment and would not permit third parties to meddle with its kit. Guo said, according to Business Insider: "Carriers are responsible for the secure operations of their own networks. Carriers can prevent outside attacks."
He also hit out at the US government for its new law allowing it to demand data stored with Amazon, Microsoft, or other cloud providers.
What should you do?
First, don’t panic. Ian Thornton Trump, head of cyber security at AMTrust international, points out: “If nation states are going to hack, they are going to hack. This has very little to do with security; this has everything to do with market protectionism and vendettas against companies that don’t bend to the will of the US.”
He therefore thinks security is a side show “being used as leverage and FUD to promote someone else’s products and services”. He says: “There has been no public mention of a security issue with Huawei and you can bet an indictment that if it did have a back door this would be blasted to the media.
“The indictment of Huawei is about intellectual property theft – allegedly and perhaps not even an American company – and selling to Iran using front companies. How a Chinese company is subject to American law is of course the big and larger question.”
Huawei is certainly producing some innovative phones and it’s been working on network equipment for years. Of course, intelligence personnel will know a lot more about what’s happening behind the scenes, so it’s important to be wary. But at the same time, much of this is about political posturing: Do we really think Huawei has manufactured a folding phone so it can tap all our calls and take over the network? Probably not.

This week at Mobile World Congress (MWC) in Barcelona, Spain, Huawei's chairman Guo Ping deflected recent criticism his firm has received over security flaws and backdoors in its products. Guo immediately turned his ire to America and the National Security Agency (NSA) and its program called PRISM. This NSA program allowed the agency to access highly sensitive stored documents, emails, photographs, and data from major companies. Further, it was discovered that leading social media platforms like Google, Facebook, Yahoo, YouTube, Skype, PalTalk, etc. all provided the NSA with direct access to their users’ information in exchange for immunity from future prosecution. Ping rightfully denied that Huawei ever had backdoors in its products. He suggested these allegations were due to the company’s tremendous investment in 5G R&D, arguing that Huawei should get a pass. When it comes to security, though, nobody gets a pass. Further, recent arrests of key employees, including Huawei's founder’s daughter (and CFO), have increased scrutiny and speculation about the company’s nefarious intentions.
For countries, proactive incident response helps mitigate overall risk
All countries have spy agencies and those organizations rely on data and intelligence to be effective. Reverse/social engineering, malware/viruses and phishing schemes are all useful tools for agencies to target specific users and gain access to sensitive data or critical infrastructure. Exploiting backdoors and packet sniffing is much more difficult and tends to produce random results. That said, from a cyberwarfare perspective, a top goal for most nation-states is to have a "killswitch" to stop security incidents and Internet traffic from hostile nations they conflict with. Ukraine is an excellent example of what happens when a country is ill-equipped to stop cyber-aggression. It is virtually impossible to build a hack-proof network; however, organizations can employ practices to mitigate damage caused by hackers during a breach. Case in point, network equipment vendors have a responsibility to deploy solutions that are secure and uphold industry standards for data protection and integrity, such as the Network Equipment Security Assurance Scheme (NESAS) spearheaded by the GSMA and 3GPP. Carriers and service providers have even more responsibility to deploy proactive security measures to safeguard the flow of traffic through their networks. Even if there are security vulnerabilities in the networking equipment, a proactive incident response program can reduce the threat and attack surface.
Is there such a thing as "manageable risk" in cybersecurity?
Claims and subsequent action by the United States and other countries have put Huawei, Supermicro, and ZTE under a negative spotlight and the effects have been damaging from a revenue, brand, and loyalty perspective. Although the UK's National Cyber Security Centre (NCSC) deemed Huawei as a "manageable risk," these companies will be challenged to regain their credibility and reputations in the security industry. Although it is nearly impossible to prove the claims against each company, it does force every equipment vendor to determine which side of the fence they are on and perhaps incentivize the industry to make meaningful long-term changes and safeguards, especially as 5G becomes a reality. While these companies are on their heels, rivals like Cisco, Ericsson, Nokia, etc. have a healthy competitive opportunity to grow market share. However, as a wise person once said, “what comes around, goes around”; it will be easier for the industry to take care of itself before clueless bureaucrats and politicians do it for them. Since Huawei has established itself from a 5G perspective, it could also take a market leadership role in de-stigmatizing the security of Chinese-made equipment. Additionally, it could work with the industry to set meaningful standards for security before someone does it for them. This will not only help Huawei, but its Chinese counterparts and the industry as a whole.

Saturday, March 2, 2019

F35 is a turd with wings...?

It's not like the General Accounting Office (GAO) created a report citing "111 Category 1 and 855 Category 2 deficiencies". . .
It's not like it will 'fall out of the sky' if it is disconnected from Autonomic Logistics Information System (ALIS) for a short amount of time. . .
It is not like the F35B variant 'shook apart under stress-testing' and has to have its tyres changed in less than 10 landings. . .
It's not like the guns on the F35 are "consistently missing ground targets" and are showing a bias “long, and to the right”. . .
The Lockheed Martin F-35 Joint Strike Fighter was supposed to be four times more effective than older, legacy fighters in air-to-air combat, eight times more effective in air-to-ground combat, and three times better at reconnaissance and suppression of enemy air defences.
All 3 versions of the F35 (A, B & C) are zesty yellow turds. Not only has the project extremely overpromised and extremely underdelivered, the F35 program is the most expensive undertaking by the US government. In 2012 the project had already cost $320 Billion (USD) and in 2014 it was estimated to "have operating costs 79 percent higher than the aircraft it was to replace". There are so many better things that you can operate for between $25,000 and $35,000 USD per hour.
It is such a heap of shit that it cannot outmanoeuvre or outfly the 20-year-old fighter that it is supposed to replace. In fact, not only is it a physical heap of shit, I would hate to see all of the security vulnerabilities that this 'winged disaster' has, let alone all of the data that is going to be collected by Lockheed Martin via (ALIS & any 'man in the middle').
Lockheed Martin's excuse is that the F35 is so 'stealthy' that it doesn't need to outfly the enemy, because it will 'sneak up undetected and kill them first'. YEAH, GOOD LUCK WITH THAT. . .
After all of that, Australia is committed to purchase 72 of these flying shit sandwiches. Too bad Australian Consumer Law (ACL) does not apply in this case. . . They are nowhere near 'As described and without defects'.

Bitcoin developer Jameson Lopp's explanations on how to be secure on Bitcoin

More people are thinking about online privacy and protecting their data these days, but how hard is it to close every potential data leak and keep your personal information secure? On a recent episode of Epicenter, Casa CTO Jameson Lopp explained the extreme measures he takes to protect his privacy in an increasingly digital world.
‘They Don’t Know My Real Name’
After discussing why online privacy is so important in the age of social media, Lopp was asked to explain the tradeoffs of trying to close up all of the potential security holes in his daily life in the aftermath of a swatting incident in 2017. Lopp gave examples of some of the extreme measures he has taken, including the use of a fake name when interacting with the people who live near him.
“They don’t know my real name,” said Lopp. “They don’t know what I do. They just know that I’m a programmer. I’m a boring old programmer.”
Lopp added that he interacts with most of his friends remotely via the internet, and he doesn’t have “crypto friends” in the area where he lives. Having said that, he does have non-crypto friends who spend time with Lopp doing non-crypto things.
“It’s kind of like living a double life almost,” said Lopp. “Sometimes that feels kind of like James Bond spy-type stuff, and other times it’s just plain annoying.”
Seeking Privacy Can Be Annoying
In terms of specific annoyances related to his search for privacy, Lopp pointed to the fact that he has to drive pretty far away to pick up his mail at a private mailbox or sign up for any kind of membership that requires personal identification.
“I don’t want my name in any databases that are tied to location,” added Lopp.
According to Lopp, there are also services available that make it easier to sign up for things in a pseudonymous manner, which has been helpful. However, when Lopp cannot sign up for something pseudonymously, the costs of retaining his privacy can be expensive because he basically has to hire a lawyer to act as a proxy on his behalf.
In terms of being recognized in public as a Bitcoin personality, Lopp said he’s only been recognized in the real world once, and he thinks it was mostly due to the large beard he had at the time.
“Most of the time when I’m out and about [now], I keep it pretty low key and I just look like another guy,” said Lopp.
It is Lopp’s intention to prevent any of his personal information from falling into the wrong hands, which means he needs to limit the locations and companies where that data is stored.
“Information wants to be free. Any service you give your data to, over a long enough period of time, it’s almost inevitable that that data is going to leak,” said Lopp.

Facebook has again been lying to its users!

Facebook's 2019 looks set to repeat the PR train wreck of 2018, with the company now admitting that they misrepresented the extent of their spying on teenage user data when the controversy came to light in January this year. Significantly more kids were affected than originally acknowledged and parental consent was nothing of the sort.
This comes a day after Instagram was slammed for being the worst social media culprit for facilitating child abuse.
Any relief the social media giant may have been feeling following January’s record results, and consigning 2018 to the history books, now seems to be fading away.
At the end of January, the news broke that Facebook had been secretly paying people to install a 'Facebook Research' VPN to harvest users' phone and web activity. The program deployed a VPN that bypassed the app store safeguards, granting access to private messages and chats, web activity and opened emails. Last year, Apple removed the Israeli Onavo app, acquired by Facebook in 2013 for up to $200 million, for "snooping" on users in violation of its rules.
Facebook withdrew the application and rode out the storm. Controversy over, right? Wrong.
The Truth Emerges
At the time, the social media giant claimed that "less than 5 percent of the people who chose to participate in this market research program were teens. All of them with signed parental consent forms."
But now, in a letter to U.S. Senator Mark Warner, dated 20 February, the company has admitted - again - that they were somewhat expedient with the truth. "Initial reporting around this project was not entirely accurate," they said. “At the time we ended the Facebook Research App on Apple’s iOS platform, less than 5 percent of the people sharing data with us through this program were teens. The analysis shows that number is about 18 percent when you look at the complete lifetime of the program and also add people who had become inactive and uninstalled the app.”
As reported by TechRadar, the letter to Senator Warner from Facebook's VP for U.S. Public Policy, Kevin Martin, also admitted that "potential participants were required to confirm that they were over 18 or provide other evidence of parental consent, though the vendors did not require a signed parental consent form for teen users."
Ironically, last week Facebook finally agreed to launch a clear history function that will please users and annoy advertisers in equal measure. It was seen as a step in the right direction. The company clearly wants to get ahead of the issues - to an extent. Its challenge is that so many of the issues are tightly integrated into its business model.
"The idea is a lot of sites need cookies to work," CEO Mark Zuckerberg wrote in a blog, "but you should still be able to flush your history whenever you want. We’re building a version of this for Facebook too. It will be a simple control to clear your browsing history on Facebook – what you’ve clicked on, websites you’ve visited, and so on."
But, CFO David Wehner acknowledged the issues this will cause their business model, creating "headwinds in terms of being able to target as effectively as before."
No dates have been given - expect significant consultation with major advertisers to be taking place.
Regulation Approaches
On 'Safer Internet Day' in February, Margot James MP, the U.K.'s Minister for Digital, said that "online safety is a top priority for the Government and we want to make the U.K. the safest place in the world to be online. We will soon be publishing an Online Harms White Paper which will set out clear expectations for companies to help keep their users, particularly children, safe online." She added that the White Paper "will set out new legislative measures to ensure that the platforms remove illegal content and prioritize the protection of users, especially children, young people and vulnerable adults."
The British MP followed this with an interview to Business Insider, saying that the threat of financial sanctions against the leading social media platforms is set to become very real if toxic content and bad behaviors are not brought under control, and comparing the proposed sanctions program to "the powers that the ICO [Information Commissioner's Office] already has." Under GDPR, this could mean fines of up to 4% of global revenues - some $2.2 billion for Facebook.
"As you know, we are not generally opposed to regulation," Facebook confirmed in their letter - that's good because it is becoming ever clearer that some form of regulation is now inevitable.
"You know it's a good day at Facebook when the words 'teenagers,' 'research,' and 'lying' are in the news," wrote Mashable.
The issues around safeguarding social media's young userbase are not specific to Facebook. Also in recent days, YouTube has had to respond to claims that its platform was being used to facilitate child exploitation. "We disabled comments from tens of millions of videos that could be subject to predatory behavior,"

When eBay merchant Mr. Balaj was looking through a pile of hi-fi junk at an auction in the U.K., he came across an odd-looking device. Easily mistaken for a child’s tablet, it had the word “Cellebrite” written on it. To Mr. Balaj, it appeared to be a worthless piece of electronic flotsam, so he left it in his garage to gather dust for eight months.
But recently he’s learned just what he had his hands on: a valuable, Israeli-made piece of technology called the Cellebrite UFED. It’s used by police around the world to break open iPhones, Androids and other modern mobiles to extract data. The U.S. federal government, from the FBI to Immigration and Customs Enforcement, has been handing millions to Cellebrite to break into Apple and Google smartphones. Mr. Balaj (Forbes agreed not to publish his first name at his request) and others on eBay are now acquiring and trading Cellebrite systems for between $100 and $1,000 a unit. Comparable, brand-new Cellebrite tools start at $6,000.
Cellebrite isn’t happy about those secondhand sales. On Tuesday, two sources from the forensics industry passed Forbes a letter from Cellebrite warning customers about reselling its hugely popular hacking devices because they could be used to access individuals’ private data. Rather than return the UFEDs to Cellebrite so they can be properly decommissioned, it appears police or other individuals who’ve acquired the machines are flogging them and failing to properly wipe them. Cybersecurity researchers are now warning that valuable case data and powerful police hacking tools could have leaked as a result.
Cellebrite warns customers about reselling its high-tech mobile hacking devices. FORBES
Hacker’s delight
Earlier this month, Matthew Hickey, a cybersecurity researcher and cofounder of training academy Hacker House, bought a dozen UFED devices and probed them for data. He discovered that the secondhand kit contained information on what devices were searched, when they were searched and what kinds of data were removed. Mobile identifier numbers like the IMEI code were also retrievable.
Hickey believes he could have extracted more personal information, such as contact lists or chats, though he decided not to delve into such data. “I would feel a little awful if there was a picture of a crime scene or something,” he said. But using the information within a UFED, Hickey believes a malicious hacker could identify the suspects and their relevant cases.
In one screenshot provided by Hickey to Forbes, the previous UFED user had raided phones from Samsung, LG, ZTE and Motorola. Hickey had tested it on old iPhone and iPod models with success.
Cellebrite hasn’t returned repeated emails from Forbes seeking comment over the last two weeks.
Rooting out Cellebrite’s secrets
The tools may also contain the software vulnerabilities Cellebrite keeps secret from the likes of Apple and Google, said Hickey. Cellebrite’s exploits (little software programs that break the security of computers and mobile phones) were encrypted, but the keys should be extractable from the UFED, though Hickey hasn’t had success on the tools he bought.
As Forbes reported in March last year, Cellebrite had become so adept at finding iOS flaws that it was able to crack the passcodes of the latest Apple models, up to the iPhone X. But the forensics provider is in a race to find flaws before Apple patches them and the hacks become impossible. The company explained to Forbes that it had to keep those exploits secret so Apple couldn’t fix and prevent police from accessing iPhones.
Looking deeper, Hickey found what appeared to be Wi-Fi passwords left on the UFEDs too. They could have belonged either to police agencies or to other private entities that had access to the devices, such as independent investigators or business auditors.
Reselling police data
There’s one obvious reason the Cellebrite devices have started appearing online: There are newer models of UFED being released with fresh software. But Hickey was concerned to find leftover forensics data.
“You’d think a forensics device used by law enforcement would be wiped before resale. The sheer volume of these units appearing online is indicative that some may not be renewing Cellebrite and disposing of the units elsewhere,” Hickey told Forbes.
“Units are intended to be returned to vendor precisely for this reason, people ignoring that risk information on the units being available to third parties.”
Hackable hacking kit
Hickey said security on the units was “fairly poor.” In particular, he was able to find out the admin account passwords for the devices and take control of them. Cracking the devices’ license controls was also simple, using guides found on online Turkish forums. A skilled hacker could unleash the device to break into iPhones or other smartphones using the same information, he said. A malicious attacker could also modify a unit to falsify evidence or even reverse the forensics process and create a phone capable of hacking the Cellebrite tech, Hickey warned.
Despite concerns about the security of critical law enforcement devices, Hickey at least plans to do something fun with his purchases. For some upcoming hacker parties, he’s going to alter them to run the shoot-’em-up classic Doom. Others have already started playing.
Some of you should start being careful of what comes out of your beaks!!!! I know that such people who post such want to gain attention... and later on start deceiving that CMI, ISO, CID, SFC operatives are hunting you because of what your dirty minds compel you to write. Let me warn you, it's high time you start avoiding jokes about security!!!!! Now, what if they ask you when, how and where in Kisoro you saw those army vehicles, what would you say???? By the way, some of you are not ever worth being thought of by CMI, and I think some of you have never seen real CMI or ISO, SFC... you really have not!!!!
Cellebrite UFED, an iPhone hacking tool made in Israel and widely used by law enforcement authorities, including the Federal Bureau of Investigation, Customs Enforcement and Immigration departments, is surprisingly up for sale on eBay.
This tool is mainly used for hacking or breaking open modern mobile phones such as iPhones and Androids for the sole purpose of obtaining data. The law enforcement authorities primarily use Cellebrite to extract data from Google smartphones and Apple devices. It is the same iPhone hacking tool that the FBI used to break open the iPhone 5C of Syed Rizwan Farook, the infamous San Bernardino shooter.
According to Forbes, secondhand Cellebrite units are being sold on eBay for between $100 and $1,000. It is worth noting that Cellebrite sells new tools for $6,000. Understandably, Cellebrite, the forensic data firm responsible for making the Cellebrite UFED, isn’t happy about it and has warned customers about reselling such sensitive hacking devices because, if they land in the wrong hands, they can be exploited to access someone’s private information. Cellebrite also requested that users return the UFEDs to the company so that they could be decommissioned appropriately.
Thomas Brewster
@iblametom
Cellebrite has issued a warning to customers about the risk of reselling its devices.
I spoke to a guy who found one at a real-world auction and resold on eBay. He didn't know he had police iPhone/Android hacking tech, put it in his garage to gather dust for 8 months.
Lewl.
Thomas Brewster @iblametom
New - The Feds’ Favorite iPhone Hacking Tool Is Selling On eBay For $100—And It’s Leaking Data forbes.com/sites/thomasbr…
2:43 PM - Feb 27, 2019
Security researcher Matthew Hickey (Hacker Fantastic on Twitter) bought several Cellebrite UFED devices and found that there was indeed valuable data stored on the devices, including IMEI numbers that can be used to locate a mobile phone easily. Moreover, Hickey believes that the devices might also reveal chats and contact lists, but he didn’t attempt to dig any deeper.
Hacker Fantastic
@hackerfantastic
Cellebrite UFED classic exploits & functions - I got this gem at an auction - has SIM card cloning features (elite)
12:13 AM - Feb 12, 2019
Another grave concern is that secondhand Cellebrite UFEDs can also leak information about vulnerabilities that many devices like Apple iPhones contain. In March 2018, Forbes reported that Cellebrite can identify iOS flaws and can crack passwords of the newest Apple models, including the iPhone X, and that the company deliberately keeps these flaws a secret so that Apple couldn’t fix them. This way, Cellebrite helps law enforcement in retrieving data from mobile phones.
Hickey claims that the units are poorly secured: he could easily identify the admin account passwords of the units and take control of them, and accessing their license controls was also an easy feat to accomplish. All that he needed to do was look up online guides on Turkish forums.
… do this, imagine what a skilled hacker could be capable of. A smart hacker can easily hack iPhones using the information, modify the unit to alter evidence, or fully reverse the forensic process in order to make the device capable of hacking the technology that Cellebrite is most sought-after for.