Posted on April 23, 2021 at 2:43 PM
Signal Exposes Security Lapses At Digital Intelligence Firm Cellebrite
In a rare move to counter hacking threats, messaging app Signal has hacked into Cellebrite’s software and shared the exploits on its blog.
Cellebrite is a digital intelligence firm that produces smartphone hacking tools used by police authorities and intelligence firms to break into confiscated smartphones. The recent use of the software was in a child murder case in Brazil when it was used to uncover the incidence.
The hacker has been hacked
Most companies use Cellebrite to crack codes of devices. However, Signal’s chief executive officer, Moxie Marlinspike, has demonstrated that even the company’s security systems can be penetrated.
Marlinspike stated that Cellibrite’s software can be manipulated easily when anyone succeeds in cracking it. This, according to him, could alter the result of criminal investigations. To prove his point, he loaded and embedded specifically formatted files to any app of the infiltrated device.
He also provided details of what a hacker can do when they eventually circumvent Cellebrite’s security. “There are virtually no limits on the code that can be executed,” Marlinspike added.
Marlinspike noted that if the security measures are cracked, it’s possible to execute code that modifies both present and future reports by removing or inserting text, files, contacts, photos, email, and other data, with no checksum failures of detectable timestamp changes.
He added that the hack can be carried out at random, and call the data integrity reports of the company to question.
Signal may also face legal issues with Apple
Marlinspike also posted a short video on Twitter, showing how easy it was to execute the entire hacking operation on Cellebrite.
He also released some information in his blog pointing out that some of the company’s codes are the intellectual property of tech giant Apple. If this revelation is discovered to be true, it could result in a storm of legal issues for the intelligent firm.
Signal added that it’s highly unlikely that Apple would grant such an important license for the redistribution and incorporation of Apple DLLs in its product.
A retaliation or Marlinspike just having fun
Some observers say Marlinspike’s actions show his strong desire to bring the company to disrepute. He went public with the hacking revelation and reported other critical issues that could have been handled privately.
Some say his action could be in response to Cellebrite’s blog post in December last year. In the post, the intelligent company explained how it had parsed Signal on a screen-locked Android device.
However, some observers feel his actions are not connected to any previous event, and that Marlinspike could be doing it for fun.
Cellebrite manufactures two major products: Physical Analyzer and UFED. These products have been used in the past by the FBI in the U.S. to crack iPhones. It has also been used by authoritarian regimes in several parts of the world in Belarus and Russia, as well as the police in Myanmar.
The physical analyzer parses hacked files that will be readable or browsable for the uses. UFED on the other hand backs up the device on a Windows computer.
It seems Signal succeeded in executing code using a “specifically formatted but harmless file in an app already scanned by Cellebrite.
Cellebrite users are in danger of vulnerability
The post reiterates that users of the Cellebrite software are in danger of exposing their systems to threat actors if they continue scanning the Cellebrite’s software. According to Marlinspike, users are only safe when they do not scan the files, not until Cellebrite has been able to expressively find patches to all vulnerabilities.
Marlinspike said finding and providing patches to all vulnerabilities will also take time, which leaves the user with no option other than to avoid scanning any files from the software.
However, Signal says it’s ready to disclose all vulnerabilities it has found to Cellibrite if they are willing to disclose the same for all vulnerabilities in their physical extraction to their vendors. At the time of writing Cellebrite is yet to respond to the blog post or reply to Signal for its disclosure proposal.
