Cellebrite iPhone hacking device used by cops has been hacked by Moxie Marlinspike, CEO and founder of chat app Signal. The Signal CEO in a blog post on Wednesday published in a blog post details how Signal codes can be theoretically altered to exploit Cellebrite devices.
According to Moxie, he was surprised to find Cellerite’s own device cared little about its software security. They lacked industry-standard defenses and were vulnerable to hackers.
The blog post he wrote further stated “Any app could contain such a file, and until Cellebrite is able to accurately repair all vulnerabilities in its software with extremely high confidence, the only remedy a Cellebrite user has is to not scan devices.”
Marlinspike accidentally stumbled upon a Cellebrite phone unlocking device he claims he saw a small package fall off a truck ahead of him. His curiosity made him investigate the package only to find the Cellebrite device. Inside the package, he found the latest versions of Cellebrite software, a few hardware dongles designed to prevent piracy, and a number of large cable adapters.
What is a Cellebrite iPhone Hacking Device ?
Cellebrite iPhone Hacking Device is a device commonly used by cops to unlock iPhones. It helps them gather information from the encrypted devices which may provide substantial evidence in their investigations. Potentially it can also decrypt Signal messages.
Marlinspike and his colleagues diagnosed the device and discovered it had a number of security flaws that the hackers can exploit. In this case, hackers could end up adding a harmless-looking file in an app, on getting scanned by a Cellebrite device is triggered and tampers the device and its data can be accessed.
The details of the vulnerabilities were published in detail in his blog post. He also showed his willingness to share the details of the vulnerabilities as long as Cellebrite does the same with all the bugs used by the company to unlock phones.
Concluding his post he said, in the future Signal app may include a number of files that might have nothing to do with the app. These might just be designed to tamper with the Cellebrite devices.
Researchers at Signal also found packages signed by Apple, perhaps extracted from the Windows installer for iTunes version 18.104.22.168, this again could mean a copyright violation.