Signal demonstrates flaws in Cellebrite hacking equipment |
The Encrypted Chat Signal app, on the blog, suggests that products sold to law enforcement agencies can easily be blocked by surveillance provider Cellebrite, which specializes in helping law enforcement agencies copy police records. Calls, texts, photos and other data from smartphones.
Cellebrite has been sold to authoritarian governments several times in the past, including Belarus, Russia, Venezuela, China, Bangladesh and Myanmar, and has been criticized several times.
The company sells a data analyzer called UFED that law enforcement agencies can use to hack iOS or Android phones and extract data.
Cellebrite topped the news after it was hired by the FBI to unlock the gunman's iPhone in the 2015 San Bernardino accident. At the time, government agencies reportedly paid $ 900,000 for it.
Last year, when the monitoring provider announced that their devices had been updated to allow law enforcement access to signal messages from their devices, Signal, a privacy-focused app, came via Cellebrite.
Signal maker and CEO (Moxie Marlinspike) said at Post that he has purchased and tested a full suite of Cellebrite hardware and software.
Marlinspike indicated that the upcoming update of the application will prevent any attempt to break into the police.
Signal developer said: I was surprised that Cellebrite security received little attention, including the use of some legacy DLL libraries like FFmpeg which was released in 2012 and the MSI install package. Windows for Apple iTunes.
Marlinspike stated that it was easy to add special files to the phone to block Cellebrite functions.
The monitoring provider did not directly respond to Marlinspike's certification in a statement, but said: Company employees are constantly reviewing and updating our software to provide the best smart digital solutions to our customers.
Marlinspike indicated elsewhere in the article that he had found bits of Apple code in the Cellebrite program. He said this could pose a legal risk to Cellebrite and its users without permission.
When the Marlinspike comments surfaced, the monitoring services provider was preparing to go public and the combined company's shares were valued at $ 2.4 billion.