Home | Community | Message Board

Avalon Magic Plants
This site includes paid links. Please support our sponsors.


Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Unfolding Nature Shop: Unfolding Nature: Being in the Implicate Order

Jump to first unread post Pages: 1
OfflineAlan RockefellerM
Mycologist
Male User Gallery
Registered: 03/10/07
Posts: 48,266
Last seen: 11 hours, 49 minutes
Signal CEO Hacks Cellebrite iPhone Hacking Device Used By Cops * 1
    #27277654 - 04/22/21 02:43 AM (2 years, 9 months ago)

https://www.vice.com/en/article/k78q5y/signal-ceo-hacks-cellebrite-iphone-hacking-device-used-by-cops


Moxie Marlinspike, the founder of the popular encrypted chat app Signal, claims to have hacked devices made by the phone unlocking company Cellebrite, which has famously worked with cops to circumvent encryption such as Signal's. In a blog post Wednesday, Marlinspike not only published details of new exploits for Cellebrite devices, but seemed to suggest that Signal's code could be theoretically altered to hack Cellebrite devices en masse.

"We were surprised to find that very little care seems to have been given to Cellebrite’s own software security. Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present," Marlinspike wrote in the post. "Any app could contain such a file, and until Cellebrite is able to accurately repair all vulnerabilities in its software with extremely high confidence, the only remedy a Cellebrite user has is to not scan devices."

Marlinspike claims (whether you believe this portion of the post or not is up to you) that while he was on a walk he happened to find a Cellebrite phone unlocking device: “By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me. As I got closer, the dull enterprise typeface slowly came into focus: Cellebrite. Inside, we found the latest versions of the Cellebrite software, a hardware dongle designed to prevent piracy (tells you something about their customers I guess!), and a bizarrely large number of cable adapters."

Cellebrite devices are used by cops to unlock iPhones in order to gather evidence from encrypted devices. This can include photos and messages on the device, potentially including Signal messages.

Along with his colleagues, Marlinspike analyzed the device and found that it included several vulnerabilities that could allow an attacker to include an "otherwise innocuous file in an app" that when it gets scanned by a Cellebrite device exploits it and tampers with the device and the data it can access.

To be clear, this is a pretty ballsy show of force. Marlinspike published details about the exploits outside of normal "responsible disclosure" guidelines and suggested that he is willing to share details of the vulnerabilities as long as Cellebrite does the same with all the bugs the company uses to unlock phones, "now and in the future."

In a slightly nebulous final paragraph. Marlinspike said that future versions of Signal will include files that "are never used for anything inside Signal and never interact with Signal software or data," perhaps implying these could be designed to tamper with Cellebrite devices.

We reached out to Signal to ask them to clarify what Marlinspike meant exactly in the last paragraph of his blog post.


Cellebrite did not immediately respond to a request for comment.

In their analysis of the device, Signal researchers also found that it contained packages signed by Apple, and likely extracted from the Windows installer for iTunes version 12.9.0.167. According to Marlinspike, this could be a copyright violation.


Extras: Filter Print Post Top
Invisiblefungusul
Fungus Kingdom

Registered: 07/16/20
Posts: 1,028
Re: Signal CEO Hacks Cellebrite iPhone Hacking Device Used By Cops [Re: Alan Rockefeller]
    #27283002 - 04/26/21 05:44 PM (2 years, 8 months ago)

Thanks for an excellent article.

Including files for hacking Cellbrite is not something they should do. Nobody likes private blobs included with software. This would also break Signal reproducible builds https://signal.org/blog/reproducible-android/ which is a great security feature.

Wonder if Cellbrite has managed to hack into a google pixel 5 with GrapheneOS(https://grapheneos.org/). Pixel 5 comes with Titan M chip which provides extra protections.


Extras: Filter Print Post Top
Jump to top Pages: 1

Unfolding Nature Shop: Unfolding Nature: Being in the Implicate Order


Similar ThreadsPosterViewsRepliesLast post
* Disabling iPhone Tracking Feature iamnotadream 281 11 04/26/11 10:42 PM
by snoot
* Can someone hack into your webcam and watch you?
( 1 2 all )
Anonymous 827 28 07/09/11 03:33 PM
by k00laid
* Using Iphone For Pictures Anonymous 157 3 02/22/12 06:02 AM
by Anonymous
* Is there any way for the FED's to hack the shroomery?MODs?
( 1 2 all )
OverdoseLiving 1,291 35 04/29/10 09:34 PM
by numonkei
* DRUG DOGS SIGNALED TO ALERT
( 1 2 all )
Realnuggetz 2,906 30 10/27/08 04:54 PM
by J3illy
* Has the shroomery ever been hacked? TheShroomHermit 1,710 10 03/14/04 05:47 PM
by The_Red_Crayon
* Hacking Help..
( 1 2 all )
Agent MadHatter 615 20 09/12/09 07:13 PM
by Tripp420
* I need help. I got robbed and seek help to hack a phone cacharstar 183 11 05/05/13 12:51 AM
by Shroomism

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Enlil, Alan Rockefeller
323 topic views. 0 members, 1 guests and 1 web crawlers are browsing this forum.
[ Show Images Only | Sort by Score | Print Topic ]
Search this thread:

Copyright 1997-2024 Mind Media. Some rights reserved.

Generated in 0.022 seconds spending 0.007 seconds on 15 queries.