The internet is turned upside down with the latest news that Signal CEO Moxie Marlinspike has managed to hack one of the US police's favorite phone decryption tools. The news came first via a post on Signal's public blog .
This news is not only surprising because of the company's violation, but also because the CEO of Signal did not notify the company in advance of his discoveries, a practice that is usually the most common in the medium today.
In his position, the CEO of Signal stated that Cellebrite was surprisingly unprotected, and in addition, several possibilities were found to exploit other vulnerabilities.
This is because, as indicated in the blog post , Cellebrite vulnerabilities can be exploited in very dangerous ways. For example, software inside devices scanned by Israeli company tools can be used to filter the driver. This way, they can edit and combine already scanned documents, as well as documents that will come.
The scope of this vulnerability is much greater than what was initially seen. To demonstrate this, Signal's CEO explained that in the event that Cellebrite was hacked, the perpetrator could:
" (...) [Data change] in any arbitrary way (entering or deleting text, email, pictures, contacts, files, or any other data), without detectable changes to the timestamp or checksum failures. "
As a result, evidence from police cases will be hacked if someone else succeeds in duplicating Signal's CEO and hacking the Cellebrite tool. Hence, Marlinspike's advice is to avoid using these items until the vulnerabilities are addressed and fixed.
read also :
Comments
Post a Comment