Andrew Orr joins host Kelly Guimont for the latest in Security Friday news, and this week there’s enough bad news for everyone to share!
Here’s How Signal Broke Into Cellebrite’s Hacking Device
Moxie Marlinspike of Signal wrote on Wednesday about how he was able to hack into a Cellebrite device. These devices are used by entities like law enforcement to brute force their way into devices like iPhones.
Given the number of opportunities present, we found that it’s possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned. There are virtually no limits on the code that can be executed.
A fascinating write-up. One can only imagine the thrill of taking a walk, seeing a package fall out of a truck, and finding out that it’s a Cellebrite device.
Cellebrite Has Not Broken Signal’s Encryption
On Tuesday, security company Cellebrite claimed to have broken the encryption that Signal uses to keep user communication safe. The blog post has since been removed, but the BBC has an archived version here. But Signal says that claim isn’t true.
It is important to understand that any story about Cellebrite Physical Analyzer starts with someone other than you physically holding your device, with the screen unlocked, in their hands. Cellebrite does not even try to intercept messages, voice/video, or live communication, much less “break the encryption” of that communication. They don’t do live surveillance of any kind.
Cellebrite Pitches its iPhone Hacking Tools as COVID-19 Surveillance Solution
Cellebrite, a company known for its iPhone hacking tools, is pitching its products to governments as a surveillance alternative to contact tracing.
When someone tests positive, authorities can siphon up the patient’s location data and contacts, making it easy to “quarantine the right people,” according to a Cellebrite email pitch to the Delhi police force this month.
This would usually be done with consent, the email said. But in legally justified cases, such as when a patient violates a law against public gatherings, police could use the tools to break into a confiscated device, Cellebrite advised.
I get the feeling that there are many who are unhappy that Apple and Google’s solution is private and opt-in. Companies like Cellebrite and Palantir can’t pass up such an opportunity.
Cellebrite Releases Report of Digital Intelligence Trends 2020
Forensics company Cellebrite, mainly known for its iPhone hacking capabilities, released a report of top digital intelligence trends for 2020. One thing that stuck out at me:
…over 70 percent of officers are still asking witnesses and victims to surrender their devices…However, most people do not want to have their primary communication device taken away for an indefinite period. To combat this issue, 67 percent of agency management believe that mobility technology is important or very important to the agency’s long-term digital evidence strategy and 72 percent of investigators believe it is important to conduct in-the-field extractions of this data.
In other words, it sounds to me like LE wants the capability to extract data from devices on site, instead of sending it to a lab. Fast action is important for LE, but it may also be too fast for people to think about those pesky rights they have before handing their phone over.
Locked Apple Notes Aren’t as Secure as You Think
Forensic company BlackBag, a Cellebrite company, recently found that locked Apple Notes are temporarily stored in an insecure state.
Cellebrite’s Acquisition Adds Computer Forensics to its Portfolio
Cellebrite, a company specializing in hacking smartphones for law enforcement, has acquired BlackBag Technologies, a company specializing in hacking computers for law enforcement. This will let Cellebrite offer law enforcement an “all-in-one” forensic solution to cover smartphones, laptops, desktops, and cloud data.
It also means offering a broad array of field acquisition capabilities including consent-based evidence collection along with an integrated solution set that provides access, insight and evidence management to facilitate and control large-scale deployments and orchestrate the entire digital intelligence operation.
Cellebrite offers all of these capabilities to law enforcement, but the FBI still wants Apple to create a backdoored version of iOS.
Here’s What Data is Accessible With Cloud Forensics
When a company like Cellebrite or GrayKey uses its devices to break into your iPhone, it’s not just your local data that can be accessed. Using various types of “cloud forensics” or cloud extraction technology, they can get your data in the cloud as well. It’s a long read but worth it.
Cellebrite’s UFED Cloud Analyzer, for example, uses login credentials that can be extracted from the device to then pull a history of searches, visited pages, voice search recording and translations from Google web history and view text searches conducted with Chrome and Safari on iOS devices backed-up iCloud.
Cellebrite Now Uses iOS Exploit Checkm8
Checkm8 is an iPhone flaw in the bootrom that can lead to a jailbreak. It can’t be patched via software, and it affects the iPhone 4s through iPhone X. But attackers need physical access to your device, and the jailbreak can only be tethered, meaning that if the iPhone is restarted it disappears.
The Cellebrite UFED team is working quickly to provide users with support for the above-mentioned scenario. This will be included with the launch of our iOS extraction agent in an upcoming release. The team is committed to providing a comprehensive, forensically-sound solution that adheres to Cellebrite’s high standards, is fully tested, and is admissible in court.
Speaking about recent rumors, if Apple did remove the Lightning port from future iPhones, I wonder if it would defeat companies like Cellebrite. I’m not sure if they could still extract data via the wireless charger.
NYC And Cellebrite, Lightning Cables – TMO Daily Observations 2019-10-09
John Martellaro and Andrew Orr join host Kelly Guimont to discuss Cellebrite’s new partnership and other iPhone hacks like Lightning cables.