NEW!Enroll into our new Ethical Hacking Playlist. Watch Now

[quads id=1]

Hackers NewsNews

Know how Signal’s founder hacked a Phone-Cracking Device

2 Mins read
[quads id=3]

Signal, the messaging app turned the tables for the cellphone hacking company Cellebrite. Moxie Marlinspike, the creator of Signal said that they found Cellebrite’s hacking kit and also discovered several vulnerabilities. He then said that they will update the app to stymie any law enforcement attempts to hack it.

What is Cellebrite ?

Cellebrite is an organization, Israel based. It is a digital forensic company that provides tools for collection, analysis and management of digital files.

“Looking at both UFED and Physical Analyzer, though, we were surprised to find that very little care seems to have been given to Cellebrite’s own software security,” Marlinspike wrote. “Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present.”

Marlinspike said about Cellebrite


He said that the DLLs were very old and outdated. It included a 2012 version of FFmpeg and MSI Windows installer packages for Apple’s iTunes program. “Looking at both UFED and Physical Analyzer, though, we were surprised to find that very little care seems to have been given to Cellebrite’s own software security,” he wrote.

Signal’s team found that by including “specially formatted but otherwise innocuous files in any app on a device” scanned by Cellebrite, it could run code that modifies the UFED report.

What does the Hacking System do ?

Th Cellebrite hacking system might insert malicious texts or remove important messages. It can do the same with email, photos, contacts and other data while leaving no clue of them playing with those.

In this tweet they demonstrated in a fun way how Cellebrite hacks. The company said that “a real exploit payload would likely seek to undetectably alter previous reports, compromise the integrity of future reports, or exfiltrate data from the Cellebrite machine.”

A Cellebrite representative wrote an email stating, “Cellebrite is committed to protecting the integrity of our customers’ data, and we continually audit and update our software in order to equip our customers with the best digital intelligence solutions available.” The representative state anything saying that if the company engineers knew about the vulnerabilities that Marlinspike found.

It would make such updates for Signal which would not let Cellebrite compromise into the servers of Signal, the messaging app

Marlinspike said

Marlinspike said in a mocking manner that he found the Cellebrite gear in a “truly unbelievable coincidence” as he was walking and “saw a small package fall off a truck ahead of me.” It is a shocking incident.

Marlinspike denied to provide us with additional information about how exactly the Cellebrite tools came into his possession.

7 posts

About author
Dipsikha Bhattacharya is first year psychology student at Indian institute of Psychology and Research, working here as a content writer, also owns an Instagram page for writings and aspires to be a writer and a psychologist.
Articles
    Related posts
    Ethical Hacking CourseHackers News

    Master Google Dorking/Hacking: Unleash the Power of Google Search Hacking

    6 Mins read
    Introduction In the ever-expanding digital landscape, information is key. And when it comes to uncovering hidden data, vulnerabilities, or sensitive information, Google…
    Ethical HackingHackers News

    How to Set-Up VPN Chaining: The Ultimate Guide

    14 Mins read
    In today’s interconnected world, online privacy and security have become paramount concerns. Many Internet users turn to Virtual Private Networks (VPNs) to…
    Hackers News

    VPN Chaining: Enhancing Privacy and Security in the Digital Age

    4 Mins read
    About VPN chaining In today’s digital landscape, where cyber threats are on the rise, ensuring the privacy and security of our online…

    1 Comment

    Leave a Reply

    Your email address will not be published. Required fields are marked *

    ×
    Cyber CrimeEthical HackingHackers News

    Why do Hackers Hack: InfoSec Insights