What is Cellebrite

Moxie Marlinspike, founder of the messenger service Signal, apparently still had a score to settle with Cellebrite. In a detailed blog entry he scrutinized the company's forensics software, criticized its security, found legally questionable elements and explained how the software used by police forces and authorities can be attacked.

The background: Cellebrite offers authorities special software with which locked smartphones and other devices can be opened and their users' data read - from criminals, but also from dissidents. In December, Cellebrite claimed to be able to evaluate the communications of the messenger Signal, but this was not entirely correct. The app can read data from an unlocked smartphone, but has no access to encrypted messages.

For Signal, however, this was obviously reason enough to take a closer look at the solution. The Israeli solution is actually only available to authorities, but according to the report, one of the software and hardware solutions "fell off a truck" (according to Marlinspike) and could be analyzed. The tool collection, supplied with a comprehensive package of adapters, includes software called UFED and a tool called Physical Analyzer.

Although it can bypass many of the security functions of smartphones and computers, the analysis shows that the software itself is quite vulnerable to attacks. In the app, the developer found numerous modules of the ffmpeg video software, which has many security gaps. There are hardly any protective measures against attacks on the software, Marlinspike criticized.

This makes it relatively easy to sabotage access by Cellebrite - a specially prepared file on the iPhone to be unlocked is sufficient. As the developers show in a video, an attempt to access an iPhone backup causes a software error, and an attacker could even disable previous scans with Cellebrite - for example by executing code on the Cellebrite computer and changing data. This could prevent the Cellebrite results from being used in court.

Upcoming Signal versions could probably also contain such a "booby trap", but legally this is a gray area. As Signal remarked in an ironic tone, future Signal versions would contain additional data: “they look nice, and aesthetics are important in software”. However, it can be assumed that these files will lead to problems at Cellebrite.

Even more embarrassing for Cellebrite, and possibly grounds for a lawsuit: the software uses so-called DLLs from Apple such as AppleMobileDeviceService.exe to access iPhones. This is code that Apple certainly has not licensed, and the company could be sued by Cupertino as a result. (Macworld)