- Signal CEO Moxie Marlinspike published a security analysis of Cellebrite’s software.
- Cellebrite is a company that specializes in breaking into locked phones, and is used by law enforcement.
- Marlinspike says he found Cellebrite’s software was full of exploitable vulnerabilities.
- See more stories on Insider’s business page.
Encrypted messaging app Signal dealt a major blow to Cellebrite, a company that specializes in breaking into locked phones.
Moxie Marlinspike, Signal’s CEO, published an explosive blog Wednesday detailing how he and his team managed to hack software from digital forensics firm Cellebrite.
Cellebrite provides software capable of breaking into locked phones and extracting data whilst hooked up to a secondary device. It is popular with police forces, who ship off locked phones for Cellebrite to unlock for thousands of dollars.
Cellebrite advertises itself as being able to crack into high-end phones that have sophisticated security, like iPhones.
But according to Marlinspike’s analysis of Cellebrite’s tech, its software is itself full of security vulnerabilities.
Marlinspike wrote, presumably tongue-in-cheek, that he obtained a Cellebrite-branded package containing dongles, its latest software, and cables after he saw it “fall off a truck ahead of me.”
Analyzing the software, he found that it was possible to hack Cellebrite’s software by leaving specially designed lines of code inside apps on a phone that’s being targeted, like booby traps.
This allowed Marlinspike to not only create fake data for scanning, but also modify old reports and potentially tamper with future ones by adding or removing data including text, emails, and photos.
“This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question,” he wrote.
Marlinspike also said he found files that implement iTunes functionality in Cellebrite’s software, and said he found it unlikely that Apple had granted Cellebrite a license.
“It seems unlikely to us that Apple has granted Cellebrite a license to redistribute and incorporate Apple DLLs in its own product, so this might present a legal risk for Cellebrite and its users,” he wrote.
Apple did not immediately respond when contacted by Insider.
Cellebrite did not immediately respond to a request for comment when contacted by Insider.
Marlinspike also appeared to give Cellebrite an ultimatum. “We are of course willing to responsibly disclose the specific vulnerabilities we know about to Cellebrite if they do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future,” he wrote.
In his blog he also accused the company of providing its services to authoritarian regimes, and signed off by saying in “completely unrelated news” that Signal would from now on be occasionally be placing files in app storage.
“These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software,” Marlinspike wrote. Vice’s Lorenzo Franceschi-Bicchierai writes that while cryptic, these files may be designed to tamper with Cellebrite software or devices.
This isn’t the first time Marlinspike has locked horns with Cellebrite. In December 2020, Cellebrite claimed it had worked out how to decrypt Signal chats on Android devices – which Marlinspike disputed.