Moxie Marlinspike has elaborated on the destructibility of the surveillance devices which are made by Cellebrite.
According to him, anyone would be successful to take over Cellebrite’s hardware which was used to scan the device by putting a code on a phone. The person taking over the hardware can easily anonymously affect future investigations. The hacker can also change the previous analyses by rewriting the data tools.
Our latest blog post explores vulnerabilities and possible Apple copyright violations in Cellebrite’s software:
— Signal (@signalapp) April 21, 2021
According to Marlinspike; “Cellebrite makes software to automate physically extracting and indexing data from mobile devices. Their customer list has included authoritarian regimes in Belarus, Russia, Venezuela, and China; death squads in Bangladesh; military juntas in Myanmar; and those seeking to abuse and oppress in Turkey, UAE, and elsewhere. Their products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works.”
Since Cellebrite has claimed to able to break Signal encryption, Mike Marlinspike has been criticizing Cellebrite. He has been extremely directly bashing the company for its defects.
Cellebrite’s technologies enable its users in investigations being carried out digitally. The physical devices owned by wanted people would be get hacked by these devices. It is used by the police forces around the world. Now, most apps have end-to-end encryption and Cellebrite has claimed that it has can easily bypass encrypted devices. Its tools also help digital forensics teams to get information from unlocked, powered-on devices. And after the investigations, the results and analyses would be automatically done on phone rather than by hand.
Marlinspike has claimed to found more than 100 security weaknesses in Cellebrite devices and also modifications are not possible except in just one.
“Not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices.”
Marlinspike brutally criticized Cellebrite, pointing out that it has kept its weaknesses in its own body. The company is completely trapped in a bunch of defects and is nothing but total failure.
He further explained;
“Any app could contain such a file, and until Cellebrite is able to accurately repair all vulnerabilities in its software with extremely high confidence, the only remedy a Cellebrite user has is to not scan devices,”
While promoting and talking about his own app Signal he added;
“The upcoming versions of Signal will be periodically fetching files to place in-app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software.”
Cellebrite continued its speech of goodwill that it is made solely to serve justice and eradicate bads from the world. In a statement, they said:
“Cellebrite enables customers to protect and save lives, accelerate justice, and preserve privacy in legally sanctioned investigations. We have strict licensing policies that govern how customers are permitted to use our technology and do not sell to countries under sanction by the US, Israel, or the broader international community. Cellebrite is committed to protecting the integrity of our customers’ data, and we continually audit and update our software to equip our customers with the best digital intelligence solutions available.”
He also said that Apple’s intellectual property is resent within Cellebrite’s software, which could present a ‘legal risk for Cellebrite and its users.’
However, Cellebrite claimed to crack Signal’s Encryption. For Cellebrite tables have been turned around and that too, quite furiously.