iTWire Thursday, 22 April 2021 11:06 Signal chief exposes poor security in Israeli firm Cellebrite s software Featured Pixabay
An Israeli company that makes software for breaking into mobile devices including iPhones, has been publicly shamed by cryptographer Moxie Marlinspike, the creator of the Signal messaging app, who exposed poor security in the software which the company uses.
But while
demolishing these so-called experts, Marlinspike, whose real name is Matthew Rosenfeld, showed that he had a quirky sense of humour, by claiming that he had gained access to the latest versions of Cellebrite s wares by noticing that they had fallen off a truck ahead of him while he was out on a walk!
More a declaration of war than turning the tables Share
Copy
Updated It is possible to hijack and manipulate Cellebrite s phone-probing software tools by placing a specially crafted file on your handset, it is claimed.
Signal app supremo Moxie Marlinspike said in an advisory on Wednesday that he managed to get his hands on some of Cellebrite s gear, which is typically used by cops, government agents, big biz, and authoritarian regimes to forcibly access the contents of physically seized smartphones.
Thought the FBI were the only ones able to unlock encrypted phones? Pretty much every US cop can get the job doneREAD MORE
21 April 2021, 09:04 pm
Signal CEO Moxie Marlinspike has hacked a cybersecurity research firm known as Cellebrite, which was also known to be a partner of the police with regards to investigations and several online systems. Cellebrite was known to help police and other clients in breaking into phones by exploiting vulnerabilities, something used ironically against them.
The Signal CEO has been known for putting forward a foot against law enforcement agencies and the government regarding their stakes over the user and citizen data which was said to be a lot. Marlinspike has previously campaigned that the data should be private to users, and users alone, and this led to the establishment of Signal Messenger which featured encryption.
By Ionut Arghire on April 22, 2021
Cellebrite’s forensic applications do not include the type of security protections one would expect from a parsing software, which renders them susceptible to attacks, according to privacy-focused messaging service Signal.
The Israel-based mobile forensics company offers data extraction and analysis services to intelligence organizations and public safety entities, but also to military and enterprise sectors. Cellebrite claims to have thousands of customers in over 140 countries. It has reportedly helped the FBI access information on locked phones, including in high-profile cases, but it has also been accused of providing its services to authoritarian regimes.
The company’s software solutions, Universal Forensic Extraction Device (UFED) and Physical Analyzer, work by parsing data from devices. With that data generated by the applications running on the device, Cellebrite’s software is not in control of the data, thus prone to attacks.
It fell off the truck : Encrypted message app Signal gets revenge on Israel s Cellebrite - Israel News haaretz.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from haaretz.com Daily Mail and Mail on Sunday newspapers.