Signal demonstrates flaws in Cellebrite hacking equipment
The encrypted chat app Signal suggested in a blog that products sold to law enforcement authorities could easily be blocked by surveillance provider Cellebrite that specializes in helping law enforcement agencies copy call logs, texts, photos, and other data from smartphones.
Cellebrite has been repeatedly criticized for past sales to authoritarian governments, including Belarus, Russia, Venezuela, China, Bangladesh, and Myanmar.
The company sells a suite of data analyzers called UFED, which allows law enforcement agencies to hack iOS or Android phones and extract data.
Cellebrite appeared in the news after being hired by the FBI to unlock the shooter’s iPhone in the San Bernardino accident in 2015 when the government agency reportedly paid up to $ 900,000 for the tools.
Signal, a privacy-focused app, clashed with Cellebrite last year when the monitoring provider said its equipment had been upgraded to allow law enforcement agencies to access Signal messages from their devices.
- Signal maker and CEO (Moxie Marlinspike) said in the post that he had acquired and tested the full set of Cellebrite hardware and software.
- Marlinspike noted that an upcoming update of the application is working to thwart any attempts by law enforcement agencies to penetrate it.
- The signal developer said: I was surprised to discover that little attention was being paid to Cellebrite security, including using some legacy DLL libraries, such as the 2012 release of the FFmpeg and MSI Windows installer packages for Apple's iTunes.
- Marlinspike explained that it would be easy to add a specially crafted file to a phone to block Cellebrite's functions.
- In a statement, the monitoring provider did not directly address Marlinspike's statements but said: The company's employees are constantly auditing and updating our software in order to provide our customers with the best digital intelligence solutions available.
- Elsewhere in the post, Marlinspike noted that he had found snippets of code from Apple inside the Cellebrite program, something he said could pose a legal risk to Cellebrite and its users if done without permission.
- Marlinspike's comments come as the monitoring provider prepares for an IPO, and the combined company's equity is estimated at $ 2.4 billion.