Forensic investigation software had poor defenses: Israeli digital forensics firm Cellebrite hacked

Cellebrite can be hacked to tamper evidence? Pic credit: Pexels/Pixabay

The CEO of the encrypted chat app Signal has allegedly broken into Israeli digital forensics firm Cellebrite's software. The firm sells tools designed to unlock phones and extract their data.

In a case of the hunter becoming the hunted, Israeli digital forensics firm Cellebrite became the victim of a hack. Moxie Marlinspike, creator of the Signal messaging app, not only broke into the platform but also exposed its poor defenses.

Cellebrite’s forensic investigation software platform hacked:

Marlinspike published a post that reported vulnerabilities in Cellebrite software. These security loopholes allowed him to execute malicious code on the Windows computer used to analyze devices.

The CEO, researcher, and software engineer exploited the vulnerabilities by loading specially formatted files. He claims the hack allows him to insert any code into any app installed on the device.

This revelation of loopholes and vulnerabilities that can be exploited is certainly a major cause of concern not just for Cellebrite but also for its users.

Law enforcement agencies and police across the U.S. frequently use Cellebrite products to gather evidence from seized devices. In the past, the company has been criticized for its willingness to sell to pretty much any government, with reports claiming it offered its products to repressive regimes around the world.

Although Cellebrite's business is defeating the security of other people's phones, the company has done little to secure its own software, Marlinspike claims.

“We were surprised to find that very little care seems to have been given to Cellebrite’s own software security. Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present.”

“Until Cellebrite is able to accurately repair all vulnerabilities in its software with extremely high confidence, the only remedy a Cellebrite user has is to not scan devices.”

Could manipulation of Cellebrite's software taint or tamper with evidence?

Owing to these gaping security flaws, someone could essentially rewrite all of the data being collected by Cellebrite's tools, Marlinspike claims. Hypothetically, anyone with the right knowledge could place a specially formatted file into any app on a targeted device.

What Marlinspike is suggesting is that data gathered as forensic evidence could be manipulated or tainted, because such a file would allow the alteration of all of the data that has been (or will be) collected by Cellebrite's software.

Such a file could alter data “in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures.” He concludes “there are virtually no limits on the code”.

As a proof of concept, the blog exposing the security vulnerabilities included a video, spliced with scenes from the movie Hackers, that shows just how easily Cellebrite’s software can be hijacked.

Many experts are calling out Marlinspike for not making Cellebrite aware of the security flaws and giving the company a chance to address them before going public. After all, Marlinspike has very publicly outed these security concerns.

There is, however, one apparent reason for the Signal CEO's brazen move: Cellebrite had recently claimed that it could crack Signal's encryption.
