Signal's Creator Hacked Into Forensics' Intelligence Firm Software

The creator of the Signal messaging app just hacked into the digital intelligence firm Cellebrite's software, sharing his exploits on the company's blog. 

Cellebrite's smartphone cracking tool has been used for years by intelligence firms and police authorities around the world to break into confiscated smartphones — at times, in questionable circumstances. The software recently helped uncover the suspects in a child murder case in Brazil, for example. 

However much Cellebrite focuses on cracking the codes of devices, it looks like its own security measures leave a lot to be desired, as Signal's CEO Moxie Marlinspike demonstrated. 

The main worry, as Marlinspike explained, is that once cracked into, Cellebrite's software can easily be manipulated — which could change the outcome of certain criminal investigations. He proved his point by loading and embedding specifically formatted files into any app of the cracked device.

As Marlinspike wrote himself, "There are virtually no limits on the code that can be executed."

Our latest blog post explores vulnerabilities and possible Apple copyright violations in Cellebrite's software:

"Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective"https://t.co/DKgGejPu62 pic.twitter.com/X3ghXrgdfo

— Signal (@signalapp) April 21, 2021

He continued by detailing exactly what was possible once he got past Cellebrites security, "For example, by including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures."

"This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question," he explained. 

Drawing inspiration from the 1995 movie Hackers, Marlinspike shared a short video on Twitter to show just how simple the entire hacking process was for him — and surely for other hackers out there, too. 

He doesn't stop there, as in the blog Marlinspike also points out that some of Cellebrite's code is allegedly Apple's intellectual property, which could bring up a storm of legal issues for the intelligence firm if the news is found to be true. 

Perhaps Marlinspike's actions were in retaliation to Cellebrite's blog post from December 2020 explaining how it had parsed Signal on a screen-locked Android device, or perhaps he did it for the pure fun of it. Regardless of the reasons, Cellebrite might have a few words of their own to add to the mix.