CEO of encryption messenger 'Signal' reports that 'iPhone analysis tool for police purveyor' has been hacked
Moxie Marlinspike, CEO of the encryption messenger app
Signal >> Blog >> Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective
https://signal.org/blog/cellebrite-vulnerabilities/
Signal CEO Hacks Cellebrite iPhone Hacking Device Used By Cops
https://www.vice.com/en/article/k78q5y/signal-ceo-hacks-cellebrite-iphone-hacking-device-used-by-cops
The tool in question was developed by Israeli digital intelligence company Cellebrite. A tool developed by Cellebrite is capable of unlocking phones and extracting data, and is known to be used by US law enforcement agencies to collect evidence from seized devices.
Cellebrite is a company that became famous for the FBI and Apple's iPhone unlocking problem, which made many people aware of smartphone privacy issues. At the request of the FBI, Cellebrite has unlocked the iPhone and has other transactions with Belarus, Russia, Venezuela, China, Bangladesh, Myanmar, Turkey, etc. to support oppressive and dictatorial regimes. I was criticized for doing it.
What is the world's highest level smartphone crack group 'Cellebrite' that became famous for the FBI vs. Apple iPhone unlocking problem? --GIGAZINE
The tools Marlinspike hacked are Cellebrite's two Windows software, UFED and Physical Analyzer. UFED will make a backup of the smartphone on the Windows PC, and Physical Analyzer will analyze the backup file and make it viewable.
Also, in order to actually extract a backup of a smartphone using Cellebrite's tools, a dedicated hardware kit is required, but Marlinspike also obtained this hardware kit. 'It's a really incredible coincidence, but I saw a set of Cellebrite hardware falling from the truck in front of me,' Marlinspike said, claiming it was 'just picked up.' I will.
Marlinspike pointed out that due to a security flaw, all the data collected by the tool is mutable and unreliable, and in the official blog, 'Cellebrite's Tools Using the
It also turns out that Physical Analyzer and Cellebrite's iOS Advanced Logical tools include multiple digitally signed ones by Apple. Marlinspike pointed out that Cellebrite is diverting Apple files without permission, which could pose a legal risk to users.
'I was surprised that Cellebrite itself seems to pay little attention to software security. It lacks industry-standard exploit protection and is open to vulnerabilities,' said Marlinspike. We advise that smartphones should not be scanned until Cellebrite can accurately fix the vulnerability.
Related Posts: