Cellebrite's police software hacked by the founder of the Signal messenger

The Israeli company Cellebrite is actively workingtogether with law enforcement officers from different countries on hacking mobile devices seized from criminals during the investigation. However, the very software of the company used for hacking turned out to be weakly protected and was hacked by one of the founders of the secure messenger Signal, Moxie Marlinspike.

Disclosure of data stored on mobiledevices of criminals, carried out by Cellebrite experts through the use of software vulnerabilities. Cellebrite used two Windows programs to hack devices: UFED and Physical Analyzer. The former created a backup copy of the devices on a computer, and the Physical Analyzer analyzed the data and converted it into an accessible form for viewing.

However, now the Israelis' softwarewas cracked by exploiting critical vulnerabilities that allowed Moxie Marlinspike to execute malicious code on a Windows machine. The expert downloaded specially formatted files embedded in various applications on the device.

According to Marlinspike himself, inserting intoapplication on the device is an outwardly harmless but pre-formatted file, you can modify all Cellebrite reports obtained as a result of scanning and analyzing data from this gadget. This changes text files, emails, photos, contacts, and other data.

As a result, all data obtained using the Cellebrite software can be questioned, including in court.

Source: signal