
Signal CEO Hacks Cellebrite iPhone Hacking Device Used By Cops (vice.com) 85

FlatEric521 shares a report: Moxie Marlinspike, the founder of the popular encrypted chat app Signal, claims to have hacked devices made by the infamous phone unlocking company Cellebrite, which has famously worked with cops to circumvent encryption such as Signal's. In a blog post Wednesday, Marlinspike not only published details about the new exploits for Cellebrite devices but seemed to suggest that Signal's code could be theoretically altered to hack Cellebrite devices en masse. "We were surprised to find that very little care seems to have been given to Cellebrite's own software security. Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present," Marlinspike wrote in the post. "Any app could contain such a file, and until Cellebrite is able to accurately repair all vulnerabilities in its software with extremely high confidence, the only remedy a Cellebrite user has is to not scan devices."

Marlinspike claims (whether you believe this portion of the post or not is up to you) that while he was on a walk he happened to find a Cellebrite phone unlocking device: "By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me. As I got closer, the dull enterprise typeface slowly came into focus: Cellebrite. Inside, we found the latest versions of the Cellebrite software, a hardware dongle designed to prevent piracy (tells you something about their customers I guess!), and a bizarrely large number of cable adapters." Along with his colleagues, Marlinspike analyzed the device and found that it included several vulnerabilities that could allow an attacker to include an "otherwise innocuous file in an app" that when it gets scanned by a Cellebrite device exploits it and tampers with the device and the data it can access.

  • Miss Piggy (when motorcycle appears): What an unbelievable coincidence!

    • by fermion ( 181285 ) on Wednesday April 21, 2021 @02:28PM (#61298206) Homepage Journal
      He has to protect the narc who sold it to him. This seems to be security through obscurity.

      It goes to show that the major vendors will only go so far to protect users. Surely Apple has been able to get hold of one of these devices, and understands how to brick it. The only reason they might not is retaliation from the authorities.

      If Signal is brave enough to do this, then it is a reason for users to install and use the app.

      • I want Apple to answer questions, like... for probably less money than it would take to fix their software and find all the bugs, why don't they buy Cellebrite and shut it down; and use the talent to patch iOS/MacOS?
      • by AmiMoJo ( 196126 )

        I hope Apple sues them for copyright infringement on the files they stole from the iTunes installer.

        • Re: (Score:3, Informative)

          by Anonymous Coward

          Zero chance of that. Cellebrite owns BlackBag [idropnews.com] which does have a legal right to most of these things in the context of forensic use as a Premier Partner(tm) with Apple. Generally these partner agreements last for at least as long as a forensic tool's support contract, which can be 10 years or more. Apple likely can't back out of it even if they wanted to.

      • Yeah, but why even say anything about the device at all? It's not like he has to prove he has one.
  • by nospam007 ( 722110 ) * on Wednesday April 21, 2021 @02:24PM (#61298184)

    "By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me. "

    I also know people owning lots of electronic devices that fell off a truck.

    • All I can think is there must be some really brutal EULA that goes into effect if you purchase one. By claiming he "found" it he is trying to get around it.

      IANAL, and this is pure speculation.
    • I wonder if this is before or after he lost all his guns in a boating accident.

    • I own several pieces of electronics that fell off a truck.

      Over time, in the industry, such electronics end up in the homes of various engineers.
      When you know enough of them, sometimes, some of them are willing to give them away to someone who's interested (and who they may be interested to see what is done with it)

      I'm really only surprised it took this long.
    • Yes I buy stuff from Amazon too.

  • I should not trust my smartphone anymore,
    should I take a hammer to both my android and iphone and toss em in the trash and go buy a dumb flip-phone that doesn't do anything other than phone calls and text messages? Sure it will lack the bells & whistles but at least there won't be any personal info on it worth looking at
    • Buy all your flip phones with cash at midnight in a parking lot, from Saul Goodman. Use them once, wipe them for prints, and break them in half. If you really must use one...
    • I should not trust my smartphone anymore

      You never should have trusted it. What a rube.

    • by caseih ( 160668 )

      Probably shouldn't trust your smart phone. But on the other hand, it's starting to look like installing Telegram is probably a good idea.

  • When can we expect Android and IOS patches that neuter Cellebrite's security bypass and data extraction tools?

    • Re: (Score:2, Informative)

      by Anonymous Coward
      Cellebrite does not unlock the phone. It uses standard OS features to back up data from an unlocked phone. Physical security is important. Don't unlock your phone and hand it to someone you don't trust. They can open your apps and look at stuff, or use Cellebrite's tool to make a backup and look at stuff later.

      Anyway, you really should not trust your phone. All the whining about phone encryption getting in the way of law enforcement is theater. They want you to trust your phone. Mobile phone standards are i
    • > When can we expect Android and IOS patches that neuter Cellebrite's security bypass and data extraction tools?

      Cellebrite is useful to Apple and Google - they can tell the Feds to leave them alone because they have other options.

      Moxie is DEFINITELY NOT going to plant Cellebrite exploits in Signal so that any phone with Signal on it will crash Cellebrite's tools. Because we can rely on the government to protect our lives, liberty, and property according to the Social Contract that we all signed.

      ^lies

    • When can we expect Android and IOS patches that neuter Cellebrite's security bypass and data extraction tools?

      Apparently, according to M0xie, the Cellebrite software is so horrendously bad, that the simple existence of some files with imperfect content can utterly b0rk it.
      A.k.a. Cellebrite devs were cretins enough to not even attempt to sanitize their input.

      Also:

      The completely unrelated

      In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they

      • Re:Defense (Score:5, Informative)

        by vux984 ( 928602 ) on Wednesday April 21, 2021 @04:46PM (#61298736)

        I work with clients in telecom; and cellebrite and mce systems (both Israeli companies as it happens) make devices sold to mobile dealers to do data backup/transfers between phones. It was a bigger deal in the flip phone, RAZR, blackberry days, but is still useful today even with most people on iphones and androids.

        I've seen piles of devices from both companies, and the "bizarre number of adapters" they come with. :)

        The functionality is pretty impressive; the software quality is not great but not bad compared to my experience with other tools in this type of non-end-user / non-retail-consumer-facing category. It is surprisingly bloated (some of it due to including device drivers to talk to every phone under the sun).

        Customer support, in my experience at least, was surprisingly good and (based on the support agent names and accents) was done from Israel; not outsourced.

        I don't know how much different law enforcement versions are; I doubt much different (likely share large chunks of data processing and device driver code) with some extra "unlocking" features enabled.

        I'd also not be surprised that the existence of some files can break it; anyone who has used it much to back up and restore phones has run into cases where something just wouldn't sync and would block entire categories of data from being transferred thanks to a corrupt calendar entry or contact record or whatever. It would not surprise me if you could deliberately craft data to screw with it.

  • ...upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software.

    This made me laugh. They're telling law enforcement that if they hack devices with Signal, that they are opening themselves up to being hacked by Signal.

  • Wider implication (Score:5, Insightful)

    by sjames ( 1099 ) on Wednesday April 21, 2021 @03:40PM (#61298514) Homepage Journal

    The implication is MUCH wider. Essentially if the Cellebrite device has EVER scanned a phone that had a properly prepared file on it, ALL scans the device has ever conducted or will conduct in the future are potentially tainted, including adding, removing or altering "found" contacts or media content.

    • by AmiMoJo ( 196126 )

      There was a similar case in the late 90s. Some bit of forensic software that was widely used could be exploited to run arbitrary code by editing your filesystem in a way that Windows would ignore.

      I don't know what happened, probably nothing. At least in the UK you would need some additional evidence that the files on your computer were tampered with, the mere fact that it could have happened isn't enough. The police will say they have anti virus software so were not hacked.

      • by sjames ( 1099 )

        It's all too common for police to completely ignore a glaring evidentiary error and claim "nothing to see here". Unfortunately, the courts too often bend over backwards to take their word for that.

    • Finally, Cellebrite et al. eating their own dog food

  • The whole notion of it falling off the back of a truck at just the right place at just the right time in front of just the right person makes me think the whole thing was planted to fool Signal into thinking it was getting the keys to the kingdom when in reality, it was probably planted and right now Cellebrite is hacking into Signal's systems.

    • by k2r ( 255754 )

      Or “this object fell off a truck” is another way of saying “we will not tell you how we got hold of this object”.
      Whatever is more likely.

  • https://signal.org/blog/celleb... [signal.org]

    > Also of interest, the installer for Physical Analyzer contains two bundled MSI installer packages named AppleApplicationsSupport64.msi and AppleMobileDeviceSupport6464.msi. These two MSI packages are digitally signed by Apple and appear to have been extracted from the Windows installer for iTunes version 12.9.0.167.
  • by schweini ( 607711 ) on Wednesday April 21, 2021 @09:45PM (#61299404)
    If I read the screen recording in the video in the article correctly, then Cellebrite seems surprisingly simple?
    It seems to be a glorified (dd/adb backup/iTunes backup) with a parser bolted on top (similar to PhotoRec?).
    The screenshot repeatedly says that the user has to unlock the device, enable USB debugging (Android) or hit "trust this device". So a bog standard screen lock should protect at least against this version of Cellebrite.
    That being said, the last paragraph of the article is very nice (including certain files in Signal for purely esthetic reasons)
  • FFmpeg? (Score:4, Interesting)

    by Rick Zeman ( 15628 ) on Thursday April 22, 2021 @07:20AM (#61300350)

    FFmpeg License
    FFmpeg is licensed under the GNU Lesser General Public License (LGPL) version 2.1 or later. However, FFmpeg incorporates several optional parts and optimizations that are covered by the GNU General Public License (GPL) version 2 or later. If those parts get used the GPL applies to all of FFmpeg.

    Read the license texts to learn how this affects programs built on top of FFmpeg or reusing FFmpeg. You may also wish to have a look at the GPL FAQ.

    Note that FFmpeg is not available under any other licensing terms, especially not proprietary/commercial ones, not even in exchange for payment.

    Wonder what other GPL violations there are?

  • I like it! Use Cellebrite on a device with Signal, lose the hardware. As the use of Cellebrite is not authorized by the device owner, this should even be legal, possibly with a warning message in the Signal TOU (not shown when Cellebrite is used, of course, but that is _their_ problem).

  • If I have this right, the complaint is that Cellebrite's unlocking software has vulnerabilities that could allow an attacker to plant false evidence on a phone.

    So, basically during an investigation the Police or some other nefarious entity could plant false evidence to implicate a suspect.

    In other words, planting false evidence is a possibility in this particular case just like in any other criminal investigation conducted by Police ever.

    Sounds a lot more like FUD to me.
