Signal demonstrates flaws in Cellebrite hacking equipment
suggest Application Signal’s encrypted chat Post It can easily block products sold to law enforcement from the Cellebrite surveillance provider that specializes in helping law enforcement agencies copy call logs, text, photos and other data from smartphones.
Cellebrite has been repeatedly criticized for past sales to authoritarian governments, including Belarus, Russia, Venezuela, China, Bangladesh and Myanmar.
The company sells a suite of data analyzers called UFED, which allow law enforcement agencies to hack iOS or Android phones and extract data.
Cellebrite appeared in the news after being hired by the FBI to unlock the shooter’s iPhone in the San Bernardino accident in 2015, when the government agency reportedly paid up to $ 900,000 for the tools.
Signal, a privacy-focused app, clashed with Cellebrite last year when the monitoring provider said its equipment had been upgraded to allow law enforcement agencies to access Signal messages from their devices.
Signal maker and CEO (Moxie Marlinspike) said in the post that he had acquired and tested the full set of Cellebrite hardware and software.
Marlinspike noted that an upcoming update of the application is working to thwart any attempts by law enforcement agencies to penetrate it.
Signal’s developer said: I was surprised to find that very little attention was paid to Cellebrite’s software security, including Use some old DLL libraries, like the 2012 version of the FFmpeg and MSI Windows installer packages for Apple’s iTunes.
Marlinspike explained that it would be easy to add a specially crafted file to a phone to block Cellebrite functions.
In a statement, the monitoring provider did not directly address Marlinspike’s statements, but said: The company’s employees are constantly auditing and updating our software in order to provide our customers with the best digital intelligence solutions available.
Elsewhere in the post, Marlinspike noted that he had found snippets of code from Apple inside the Cellebrite program, something he said could pose a legal risk to Cellebrite and its users if done without permission.
Marlinspike’s comments come as the monitoring provider prepares for an IPO, and the combined company’s equity is estimated at $ 2.4 billion.