probably. cellebrite is really a police-level tool, and the people who worry about it are journalists, activists, and petty criminals, none of whom really have the resources to find or deploy something like this.
if a state agent is worried about this kind of thing they just carry a clean device, and for most of them if they are ever in a situation where their device is inspected, the game is already over.
> if a state agent is ... ever in a situation where their device is inspected, the game is already over.
(I don't think the above summarization alters the intent of your statement.)
IMO, if you're at "state agent" level, well, just about all the countries either have the manufacturing capacity, either locally or through agency partnership with ally countries, to construct devices capable of maintaining a clean the appearance even while being examined with very expensive equipment.
For example, you could probably do a lot if you could replace the 0th-stage bootloader in the NAND controller. And NAND is manufactured at such crazy scale, the one-off test runs probably wouldn't be all that expensive, and the turnaround time might even be weeks to days.
Well, to me that sounds like it would be a very juicy target for other nation states. Country A does not like country B, country B is known to often use these devices and many of their "victims" are persons of interest for country A's intelligence organizations. Those people know it so they don't travel to country A or take special precautions, but because country B is friendly, they don't do the same things. So country A puts the exploit to couple of people's phones and they travel to country B. Country B scans the devices and now the only issue country A has now is how they will exfiltrate the data without raising alarms.
> We are of course willing to responsibly disclose the specific vulnerabilities we know about to Cellebrite if they do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future.
Cellebrite's terrible response is also noteworthy. Responding to claims of vulnerabilities by saying you "save lives" and don't sell to sanctioned countries shows how seriously they take security.
Sounds like cellbrite has a criminal investigation coming their way. While there is a chance that the code made its way to them in a way that they would only be civilly liable I find it hard to believe that there was not some action that delved into the criminal realm.
I worked for Apple 10+ years ago, and cellebrite was used by Apple Geniuses in Store for data recovery. It doesn't surprise me at all that here is Apple code in it.
Considering they use Cellebrite, do you think they were aware of the Apple assets being bundled but decided to say nothing as long as it wasn't made public? (i.e. as long as they did not have a copyright to defend or lose)
Apple make a big deal about being a privacy-focused company. Right now, Apple code is being used to invade people’s privacy. They “have to” address this or it becomes a PR issue for them.
Possibly. The spotlight is also now on Apple to explain if parts of iTunes is being used to incriminate persecuted groups (journalists, homosexuals, activists, etc) what are they going to do about it?
> In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software. Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding. We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files.
I assume those images are going to be for the benefit of somebody looking at data extracted through Cellebrite?
Probably they'll be the files that he talks about earlier which exploit the Cellebrite machine and fuck up all the reports. Or maybe it's just nothing.
If this isn't merely a joke, and these proposed files are intended to contain Cellebrite exploits of some kind, then please, Moxie, let us have an opt out?
As it stands, if law enforcement for some bizarre reason decide to examine my personal devices, there will be nothing on there of interest to them. If Signal start bundling exploits onto my device, that will no longer be the case. That's a potential risk to me, and Signal should be asking my permission before taking the risk.
Dont think of them as cellebrite exploits but as Signal security features.
Yes you have nothing to hide, but the police in many cases aren't honest. What if you live in the Middle east and are gay, you use signal, this protects you. Cellebrite are happy to sell their product to oppressive regeimes and if you are black the US police could be considered oppressors.
If you're being oppressed by a repressive regime, having a phone that damages the oppressor's infrastructure may not have a positive outcome for you, the individual.
"Hey, your phone corrupted our 'lawful' intrusion system. That violates a long list of statutes. We're going to beat you with this wrench now, because you made our day worse, and then charge you with crimes against the state."
If they will beat you with a wrench for that they will beat you regardless of what is in your phone. If they do find something they dont like you get hit with the wrench, if they don't find anything you must be hiding it so you get beat with the wrench.
So now we are saying don't protect yourself because if you do that would imply you have something to hide,and are therefore guilty and deserving of the wrench beating.
My concern is really, "Signal has a beef with Cellebrite, and so some unsuspecting and innocent person gets hit with a wrench."
It is a different game if Signal makes the sharding opt-in. If someone vacuums my phone and it turns out that my treatise about Little Bobby Tables [1] breaks the vacuum, that is fine by me.
In this (somewhat contrived) scenario where authorities are targeting your phone for surveillance solely to access a possible exploit file placed there by Signal, how would an opt-out option help you? Do you imagine that you could explain to the authorities that you opted out, and they would send you on your way? Or do you imagine that they would hold you personally responsible for the exploit, even though Signal has publicly taken credit for doing this?
I am outlining a hypothetical scenario where the authorities choose to look through my phone for ${UNRELATED_REASON}, and the presence of Signal's hypothetical exploit files would cause their digital forensics software to crash. In this hypothetical scenario, that crash in and of itself could then be taken as a reason to charge me. I don't believe "the app software maker selected my phone at random to have those files on it!" would help me out in that situation; that's the sort of nuance that tends to get completely lost.
The opt-out option would help me because, having opted out in advance, the hypothetical exploit files would not be on my phone.
I do agree that this is a slightly far-fetched scenario. However, I am very confused how HN can generally be of the opinion that having unwanted malware on your phone is a good thing, even if Signal put it there.
I think this is my first-ever comment on HN, and I'm basically just chiming in to say that under no circumstances should you even be talking to police in a situation like this. You can politely ask for a lawyer, politely ask if you're being detained and politely provide your basic information when asked like your name and address, but otherwise do not say anything at all.
This fantasy that you can get away from a situation in which you are being interrogated and your phone is being searched by being compliant and proving your innocence to the nice police officers is extremely dangerous. Being compliant and providing information beyond what's legally required is the exact opposite of what you want to do, and preventing yourself from being charged should be the last thing on your mind. You should take it as a given that you will be charged.
edit: If you're outside the USA ignore this advice and listen to someone more local who knows their stuff.
> cause their digital forensics software to crash.
Why would they make it crash the software though? There's no reason to do anything that's visible to the operator, perhaps it just alters data previously downloaded from other devices and then deletes itself. Or changes nothing other than adding a friendly file called moxie.says.hi.txt
there are plenty of things to fear in police custody and the police don’t need a reason like that for any of them. they will simply do it if they want.
Except there's no guarantee your phone will even contain a payload. Just the chance that some devices may have it, and there's no way to know for certain. And if they take in even one phone to scan that carries the exploit, it can make past, current and future evidence rendered untrustworthy. It's herd immunity via the prisoner's dilemma.
I assume most likely these are being used to defeat/render ineffective one of Cellebrite’s features. By having other (benign) data travel alongside your data... it makes it harder for an attacker to know what data is “useful”.
No... if you read the article carefully, the outline goes something like this:
1. We found a cellebrite kit that "dropped out from the back of a van" (yeah right lol)
2. Cellebrite is a tool to extract data out of phones (general intro to what Cellebrite is)
3. Looks like Cellebrite is using a bunch of open source libraries and they also use Apple DLLs (???!!!)
4. Oops looks like they are using like YEARS old libraries and there are hundreds of KNOWN vulnerabilities on each of those libraries.
5. Oops looks like the vulnerabilities allow ACE. Here's a demo where we placed a carefully crafted file with the ACE payload on a phone where if you just click the scan button on Cellebrite's software, you can do ACE (this is the video in the middle of the article)
6. (by the way for cellebrite users) this calls into question all data extracted with Cellebrite since these exploits are trivially exploitable. There are so many exploits possible so you can use any of them to create ACE attacks.
7. For COMPLETELY TOTALLY UNRELATED AESTHETIC REASONS we are putting some files on the Signal app. You're welcome!
---
to spell it out: yes, they are putting ACE payloads on Signal to try to crash investigators/spies/whatever trying to use Cellebrite on phones with the Signal app.
7 is actually a lot more subtle, I didn't get it at first. They're putting some files on some signal phones, somewhat randomly, and only those which seem like they've been in active normal use since before this disclosure. So likely none of the devices Cellbrite might own for testing, and no device Cellbrite might buy in the future, but some random set of existing devices in the field. And there might be multiple such files, so even if Cellbrite find one they can't be sure they've got them all.
Now assume these files are (as somewhat implied) exploits that cause the falsification of data in all current and future reports issued by a given Cellbrite device.
That means that if a Cellbrite has, after this point, ever scanned a phone with Signal installed it might be issuing false reports.
THAT means that there's a reasonable doubt in any evidence obtained by the use of a Cellbrite device, going forward. That gives an easy out to defense attorneys in the US, where Cellbrite devices are used by police to gather evidence.
Any defense attorney can now argue that evidence obtained from a Cellbrite shouldn't be admitted in court, since they don't maintain forensic integrity. This essentially spoils Cellbrite's entire business in the US (and any other country with similar standards for the admissibility of evidence).
So Cellbrite has to find ALL the exploits in their system, and be very, very sure they've not missed any. Because defense attorneys will then try to call that into doubt. Etc.
I saw the original post, but was unfamiliar with anything in the title. I chose to skip it. The title of this post sounded much more interesting to me, so I clicked on it today.
While not judging a book by the cover, this cover was definitely more attractive to my atention span.
I did exactly the same. Sometimes the title is relevant if you are already on the blog so you are aware of context, here though I missed it until I read about it elsewhere, then I can back to find the thread.
I understand, and of course all of us are subject to that mechanism, but we can't run HN that way (not that you're saying we should). Threads of the second freshness pointing to mediated sources that come out after HN has already had a major discussion—and sometimes even because HN has had a major discussion—fail the following heuristics:
but it's not even on the third page as far as i can see. Can you at least maybe transfer the thread and upvotes, or otherwise refloat it to at least the second page?
As impressive as the hack looks, we are putting trust in Signal that it’s real since they didn’t disclose the vulnerability and no one else has reproduced it. It could just be a clever attempt at socially engineering the public opinion of Cellebrite.
Even if they published the vulnerability, none of us could attempt to reproduce it anyway because the software isn't available. (I mean, unless another one falls off a truck. ;)
Public opinion of Cellebrite was already extremely low.
Even if that were true, those trade secrets will never be defended in open court. The best Cellebrite can do here is a PR campaign to downplay the veracity of this.
If signal was lying, it would probably be easy to prove (at the very least the version of ffmpeg included is easy to prove/disorove. Ditto on the apple libraries).
Honestly, i would be very surprised if cellebrite didn't have massive vulns. Its the type of software that always does.
Haven't even clicked the link, but didn't the original post say it's not even a "cracking" tool, it just extracts backups via the supported backup methods?
Not my area of expertise, but the typical use case given in the Signal blog post supposes an "unlocked device in your hands" --
> ...One way to think about Cellebrite’s products is that if someone is physically holding your unlocked device in their hands, they could open whatever apps they would like and take screenshots of everything in them to save and go over later. Cellebrite essentially automates that process for someone holding your device in their hands.
It's very carefully worded ("One way...") to not exclude unlocking without password, though. Perhaps Cellebrite also has password guessing capability?
Historically, Cellebrite devices included exploit code that could unlock most types of phone.[1] I don't know how well modern versions of iOS and Android are supported in that regard.
I would prefer not to let Signal casually guide the press cycle's attention away from the fact that they're still planning on shipping a cryptocurrency grift to exploit end users. Don't forget that Signal is a corrupt organization.
First I’ve heard of it. If your goal is to keep that topic in the collective mind, don’t you think you should provide some link or context or something for the people who have no clue what on earth you’re talking about?
"Falling off a truck" is usually a euphemism for obtaining something through nefarious ways. He probably got it from a friend in the police department or something similar.
so i think. The means through which the device was obtained must have conformed to at least the barest definition of the word 'legal'. I think so for the purely logical reason that signal wouldn't be crowing like a rooster over stolen property. Though obviously, they didn't exactly walk into cellebrite and request a <whatever it was> by the front desk....
what's to prevent Apple from doing something like this directly within the OS? Negative publicity? Would it be considered negative? Is it scorched earth?
My 65 year old mother and I use Signal as we live across the planet from each other.
She's due for a new phone soon, and the cell companies use Cellebrite to transfer data from one phone to another.
She will almost certainly want them to do it as I'm not there to help her in person.
What happens when Signal shards to her device and uses it as a weapon against the machine and her phone is bricked or she's liable for the machine's costs or our entire history is deleted or something just as destructive?
Please don't force your threat model down our throats. Your hacktivism is not my hacktivism. This shit better be opt-in.
You're fabricating complications which don't make any technical sense as a justification to be angry about this basically harmless gesture. If you are that averse to the idea of being even remotely complicit in jamming the surveillance state, just don't use Signal.
Firstly, never has it been a requirement to "jam the surveillance state" to be a user of Signal. That's absolutely bananas.
Did you read the text at the bottom of the post? They are randomly installing malware on users' devices to break or harm or otherwise self-destruct when Cellebrite machines read them.
I'm not speaking for myself. I would opt in personally. I'm speaking for my mother who just wants a secure and reliable line of communication with her son without being pulled into some offensive scheme that could land HER in trouble or cause damages.
If something is broken or destroyed without user knowledge or understanding or consent, you better believe Signal will see court cases.
Name another privacy respecting application that can do calling and video between two phones with e2ee and is simple enough for a 65 year old non-tech-savvy woman to use. I'll switch her over immediately.
The exploit targets Cellebrite, not Signal's own software. Cellebrite is running on the machine doing the extracting and not the device containing the original data.
It's entirely possible that I'm wrong and this will cause your phone to explode, but if you don't trust the Signal developers enough to assume they won't intentionally explode your phone, you probably shouldn't be using their product.
My reading is that the owner of any device the provider previously plugged in to could exfiltrate your mother's data by installing a persistent backdoor. Since this is a phone, I assume this includes email, passwords, etc. and they could use this data to e.g. access your mother's financial accounts. This is a fantastic vector for criminals.
Signal is providing a strong, albeit rude (likely in response to Cellebrite's claims), incentive to fix their shit. Would you rather have a temporary period where transfers weren't working, or deal with the scenario above in a year?
If that were the case, fine. But the post does not specify the effect of the "aesthetically pleasing" files. They could destroy all Signal data or irreversibly harm the machine itself.
We just have to "trust" the Signal devs to not do that?
Huh? Don't you trust the Signal devs to not destroy all Signal data every day?
You're trusting the Signal devs to your keep messages safe and secure. I don't know if that means wiping all messages when accessed via Cellebrite, but that seems like a reasonable option. My assumption would be that they will just crash or brick the Cellebrite software. Either way and completely independently of the aesthetically pleasing files, if you disagree with the choices Signal makes to keep your messages safe and secure, there are many other messaging options that you can use.
Publicly calling out big security problems is exactly how security should work (notwithstanding specifics of disclosure).
Because when my mother has to transfer her phone, she'll then be liable for thousands of dollars of damage to their property, and she'd otherwise have no idea why.
That's the problem. The fact nobody sees the effects of this is absolutely surreal and alarming.
I’m not sure how your judicial system works but, in my country you can’t be hold responsible for something that “you have no idea why”. That’s not how liability works.
I think what you're missing is that Signal does not need to place any files on any phones for their purpose, and likely will not ever do so.
Their intention is to render using Cellebrite for court evidence worthless by suggesting that the record could have been tampered with at any point, if any phone the user scanned had Signal on it.
Proving that no phones ever had an 'aesthetic' file that could cause damage to Cellebrite is impossible, and they've provided clear reason why it is impossible to prove.
Maybe, but an app that does what Moxie suggests is malware in my book.
I don't think Signal will do that though, if it does, it will most likely get kicked out of every store and the company will most likely end up in well-deserved legal trouble, as if MOB wasn't shady enough...
As someone else said, it is more likely to be a way to discredit evidence extracted by Cellebrite.
cellebrite is exactly the kind of threat signal is intended to foil. if you want cellebrite reading your messages, you are not the target userbase of signal. this is like complaining that “rm” deleted your files.
Even if I am not the target userbase of Signal, which is partly true, by using it, I benefit those who really need it for its privacy features.
The millions of users like me who do nothing sensitive with it add bulk to traffic, making it harder to single out "interesting" data. I mean, for example, if only criminals used Signal, just having the app will get you a lot of attention from the police, as it happened with Encrochat.
There are better ways to transfer contacts and photos. You trust the cell company to do it? To not maintain your / her data? To not share with law enforcement? Your threat model may be different than you realize.
Ask her to uninstall it before going for upgrade. Then reinstall it remotely by using Google App store online - you can push installations to specific handset on the account.
Not a single mention of carrier or consumer tools, but lots about analyzing your data.
I guess your cell phone company feeds every cell phone they work on to some centralized data repository (out of jurisdiction of your current locale) to be analyzed is what sounds like is going on.
You've not done enough research then. Cellebrite has been around for ages. When I worked at radioshack, we would use them to transfer data from old phones to new ones. They did not connect to the internet at the time.
These machines are still used for this purpose. I don't doubt they're also used for surveillance or tracking. But they're not only used for that.
You're speculating as to what the phone companies do with the machines, especially given that it would be incredibly illegal to do so and trivial to whistleblow and thus a huge risk to the companies to do this on a widespread basis. Please provide proof instead of contributing to hysteria.
All of this could be avoided if you were part of a different network.
One where you can connect with several open source clients to the server, and choose a client that didn't behave like this.
One where you could save your history from the client, if you wished to do so.
You chose to get into a captive ecosystem; Signal's code-dump "look but don't touch" (well, clientside, serverside was closed source for a year). Signal's "our way or the highway".
Signal isn't going to do that. They just said they could do that. If you look at how they worded it, they could just drop empty files that literally do nothing (even to Cellebrite).
As we seem to be discussing the Gizmodo article in addition to the post from Moxie, I'm going to copy & paste my thoughts from the other thread:
While this report is entertaining to read, I have to wonder about possible downstream repercussions of the implications within the last paragraph; if you're in police custody or worse and your Signal app contains some 'aesthetically pleasing files' that interfere with the authoritarian software, it's likely going to be your ass on the line for all sorts of charges.
Don't get me wrong, the implication is enough to discredit Cellebrite, but my initial thoughts are that either this bluff gets called, or there's a non-zero risk of someone landing in even hotter water down for using Signal. Of course, this assumes that you're not already neck-deep for having encrypted data and upholding your right to privacy.
I don't see why it would be your fault. You or your lawyer can point to this very blog post to demonstrate that any interference with Cellebrite was not intentional on your part.
Could a party not argue that knowingly using software with functionality that interfered with tools such as Cellebrite was an offence of some sort? I would hope that such a take wouldn't stand, but technology laws can be pretty archaic- see exporting cryptographic software.
If using signal opens you up to more trouble because it interferes with an authoritarian regimes power over you, then signal and what it does to a cellebrite device is hardly a primary concern.
If you live in a country with the rule of law, then just using an app doesn't make you guilty of anything. The fact the this security feature has been publicly declared puts the onus on cellebrite and the police using their devices, to ensure relevant patches are applied at their end to prevent these features from working. These devices are already bypassing android and iOS security features to do what they do, this is no different.
To me these files are essentially similar to a passcode on a device.
This is a tough one for me. Feels a little tit-for-tat. I don't support cellebrite. But seems like cellebrite was off the radar for Signal until it recently added Signal support. Beyond advertising I'm not sure what this all accomplishes - probably a better cellebrite product.
I'd say if Signal wanted to have an impact then silently adding support that breaks cellebrite would be more effective.
This only breaks capabilities of whomever else has the outdated package. Callebrite no doubt has kept up to date. The "van" this dropped from was probably a garbage truck
127 comments
[ 3.4 ms ] story [ 213 ms ] threadDo you think Signal is the first or only one to set traps for Cellebrite?
if a state agent is worried about this kind of thing they just carry a clean device, and for most of them if they are ever in a situation where their device is inspected, the game is already over.
(I don't think the above summarization alters the intent of your statement.)
IMO, if you're at "state agent" level, well, just about all the countries either have the manufacturing capacity, either locally or through agency partnership with ally countries, to construct devices capable of maintaining a clean the appearance even while being examined with very expensive equipment.
For example, you could probably do a lot if you could replace the 0th-stage bootloader in the NAND controller. And NAND is manufactured at such crazy scale, the one-off test runs probably wouldn't be all that expensive, and the turnaround time might even be weeks to days.
it's widely used by phone-shop- and carrier service staff to migrate data.
https://signal.org/blog/cellebrite-vulnerabilities/
Love it.
I assume those images are going to be for the benefit of somebody looking at data extracted through Cellebrite?
As it stands, if law enforcement for some bizarre reason decide to examine my personal devices, there will be nothing on there of interest to them. If Signal start bundling exploits onto my device, that will no longer be the case. That's a potential risk to me, and Signal should be asking my permission before taking the risk.
Yes you have nothing to hide, but the police in many cases aren't honest. What if you live in the Middle east and are gay, you use signal, this protects you. Cellebrite are happy to sell their product to oppressive regeimes and if you are black the US police could be considered oppressors.
"Hey, your phone corrupted our 'lawful' intrusion system. That violates a long list of statutes. We're going to beat you with this wrench now, because you made our day worse, and then charge you with crimes against the state."
So now we are saying don't protect yourself because if you do that would imply you have something to hide,and are therefore guilty and deserving of the wrench beating.
It is a different game if Signal makes the sharding opt-in. If someone vacuums my phone and it turns out that my treatise about Little Bobby Tables [1] breaks the vacuum, that is fine by me.
[1] https://xkcd.com/327/
If they make it opt-in then surely that is worse for the user. Then the oppressive regime can say "you deliberately did this thing".
I am outlining a hypothetical scenario where the authorities choose to look through my phone for ${UNRELATED_REASON}, and the presence of Signal's hypothetical exploit files would cause their digital forensics software to crash. In this hypothetical scenario, that crash in and of itself could then be taken as a reason to charge me. I don't believe "the app software maker selected my phone at random to have those files on it!" would help me out in that situation; that's the sort of nuance that tends to get completely lost.
The opt-out option would help me because, having opted out in advance, the hypothetical exploit files would not be on my phone.
I do agree that this is a slightly far-fetched scenario. However, I am very confused how HN can generally be of the opinion that having unwanted malware on your phone is a good thing, even if Signal put it there.
This fantasy that you can get away from a situation in which you are being interrogated and your phone is being searched by being compliant and proving your innocence to the nice police officers is extremely dangerous. Being compliant and providing information beyond what's legally required is the exact opposite of what you want to do, and preventing yourself from being charged should be the last thing on your mind. You should take it as a given that you will be charged.
edit: If you're outside the USA ignore this advice and listen to someone more local who knows their stuff.
Why would they make it crash the software though? There's no reason to do anything that's visible to the operator, perhaps it just alters data previously downloaded from other devices and then deletes itself. Or changes nothing other than adding a friendly file called moxie.says.hi.txt
1. We found a cellebrite kit that "dropped out from the back of a van" (yeah right lol)
2. Cellebrite is a tool to extract data out of phones (general intro to what Cellebrite is)
3. Looks like Cellebrite is using a bunch of open source libraries and they also use Apple DLLs (???!!!)
4. Oops looks like they are using like YEARS old libraries and there are hundreds of KNOWN vulnerabilities on each of those libraries.
5. Oops looks like the vulnerabilities allow ACE. Here's a demo where we placed a carefully crafted file with the ACE payload on a phone where if you just click the scan button on Cellebrite's software, you can do ACE (this is the video in the middle of the article)
6. (by the way for cellebrite users) this calls into question all data extracted with Cellebrite since these exploits are trivially exploitable. There are so many exploits possible so you can use any of them to create ACE attacks.
7. For COMPLETELY TOTALLY UNRELATED AESTHETIC REASONS we are putting some files on the Signal app. You're welcome!
---
to spell it out: yes, they are putting ACE payloads on Signal to try to crash investigators/spies/whatever trying to use Cellebrite on phones with the Signal app.
7 is actually a lot more subtle, I didn't get it at first. They're putting some files on some signal phones, somewhat randomly, and only those which seem like they've been in active normal use since before this disclosure. So likely none of the devices Cellbrite might own for testing, and no device Cellbrite might buy in the future, but some random set of existing devices in the field. And there might be multiple such files, so even if Cellbrite find one they can't be sure they've got them all.
Now assume these files are (as somewhat implied) exploits that cause the falsification of data in all current and future reports issued by a given Cellbrite device.
That means that if a Cellbrite has, after this point, ever scanned a phone with Signal installed it might be issuing false reports.
THAT means that there's a reasonable doubt in any evidence obtained by the use of a Cellbrite device, going forward. That gives an easy out to defense attorneys in the US, where Cellbrite devices are used by police to gather evidence.
Any defense attorney can now argue that evidence obtained from a Cellbrite shouldn't be admitted in court, since they don't maintain forensic integrity. This essentially spoils Cellbrite's entire business in the US (and any other country with similar standards for the admissibility of evidence).
So Cellbrite has to find ALL the exploits in their system, and be very, very sure they've not missed any. Because defense attorneys will then try to call that into doubt. Etc.
Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer - https://news.ycombinator.com/item?id=26891811 - April 2021 (293 comments and counting)
While not judging a book by the cover, this cover was definitely more attractive to my atention span.
We downweight follow-ups that don't contain significant new information: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&sor... and https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...
Repetition is not good for curiosity: https://hn.algolia.com/?dateRange=all&page=0&prefix=false&so...
Front page is the scarcest resource: https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...
... and no doubt a bunch of others.
As impressive as the hack looks, we are putting trust in Signal that it’s real since they didn’t disclose the vulnerability and no one else has reproduced it. It could just be a clever attempt at socially engineering the public opinion of Cellebrite.
I posted a more detailed analysis on the original story: https://news.ycombinator.com/item?id=26898638
Public opinion of Cellebrite was already extremely low.
If so, that sounds potentially libelous (IANAL).
"There's nothing to see here, folks!"
Honestly, i would be very surprised if cellebrite didn't have massive vulns. Its the type of software that always does.
> As just one example (unrelated to what follows), their software bundles FFmpeg DLLs that were built in 2012 and have not been updated since then.
This purported vulnerability is not related to FFmpeg in any way, hence the disclaimer.
> ...One way to think about Cellebrite’s products is that if someone is physically holding your unlocked device in their hands, they could open whatever apps they would like and take screenshots of everything in them to save and go over later. Cellebrite essentially automates that process for someone holding your device in their hands.
It's very carefully worded ("One way...") to not exclude unlocking without password, though. Perhaps Cellebrite also has password guessing capability?
[1] https://www.wired.com/story/cellebrite-ufed-ios-12-iphone-ha...
She's due for a new phone soon, and the cell companies use Cellebrite to transfer data from one phone to another.
She will almost certainly want them to do it as I'm not there to help her in person.
What happens when Signal shards to her device and uses it as a weapon against the machine and her phone is bricked or she's liable for the machine's costs or our entire history is deleted or something just as destructive?
Please don't force your threat model down our throats. Your hacktivism is not my hacktivism. This shit better be opt-in.
This is incredibly unethical.
Did you read the text at the bottom of the post? They are randomly installing malware on users' devices to break or harm or otherwise self-destruct when Cellebrite machines read them.
I'm not speaking for myself. I would opt in personally. I'm speaking for my mother who just wants a secure and reliable line of communication with her son without being pulled into some offensive scheme that could land HER in trouble or cause damages.
If something is broken or destroyed without user knowledge or understanding or consent, you better believe Signal will see court cases.
It's entirely possible that I'm wrong and this will cause your phone to explode, but if you don't trust the Signal developers enough to assume they won't intentionally explode your phone, you probably shouldn't be using their product.
Signal is providing a strong, albeit rude (likely in response to Cellebrite's claims), incentive to fix their shit. Would you rather have a temporary period where transfers weren't working, or deal with the scenario above in a year?
If that were the case, fine. But the post does not specify the effect of the "aesthetically pleasing" files. They could destroy all Signal data or irreversibly harm the machine itself.
We just have to "trust" the Signal devs to not do that?
This is not how security should work.
You're trusting the Signal devs to your keep messages safe and secure. I don't know if that means wiping all messages when accessed via Cellebrite, but that seems like a reasonable option. My assumption would be that they will just crash or brick the Cellebrite software. Either way and completely independently of the aesthetically pleasing files, if you disagree with the choices Signal makes to keep your messages safe and secure, there are many other messaging options that you can use.
Publicly calling out big security problems is exactly how security should work (notwithstanding specifics of disclosure).
That's the problem. The fact nobody sees the effects of this is absolutely surreal and alarming.
If you don't know how to pay your taxes, you're still required to pay your taxes.
Their intention is to render using Cellebrite for court evidence worthless by suggesting that the record could have been tampered with at any point, if any phone the user scanned had Signal on it.
Proving that no phones ever had an 'aesthetic' file that could cause damage to Cellebrite is impossible, and they've provided clear reason why it is impossible to prove.
I don't think Signal will do that though, if it does, it will most likely get kicked out of every store and the company will most likely end up in well-deserved legal trouble, as if MOB wasn't shady enough...
As someone else said, it is more likely to be a way to discredit evidence extracted by Cellebrite.
The millions of users like me who do nothing sensitive with it add bulk to traffic, making it harder to single out "interesting" data. I mean, for example, if only criminals used Signal, just having the app will get you a lot of attention from the police, as it happened with Encrochat.
As it stands, Signal is more of a threat to her well being than anything else.
Not a single mention of carrier or consumer tools, but lots about analyzing your data.
I guess your cell phone company feeds every cell phone they work on to some centralized data repository (out of jurisdiction of your current locale) to be analyzed is what sounds like is going on.
These machines are still used for this purpose. I don't doubt they're also used for surveillance or tracking. But they're not only used for that.
You're speculating as to what the phone companies do with the machines, especially given that it would be incredibly illegal to do so and trivial to whistleblow and thus a huge risk to the companies to do this on a widespread basis. Please provide proof instead of contributing to hysteria.
You chose to get into a captive ecosystem; Signal's code-dump "look but don't touch" (well, clientside, serverside was closed source for a year). Signal's "our way or the highway".
While this report is entertaining to read, I have to wonder about possible downstream repercussions of the implications within the last paragraph; if you're in police custody or worse and your Signal app contains some 'aesthetically pleasing files' that interfere with the authoritarian software, it's likely going to be your ass on the line for all sorts of charges.
Don't get me wrong, the implication is enough to discredit Cellebrite, but my initial thoughts are that either this bluff gets called, or there's a non-zero risk of someone landing in even hotter water down for using Signal. Of course, this assumes that you're not already neck-deep for having encrypted data and upholding your right to privacy.
If you live in a country with the rule of law, then just using an app doesn't make you guilty of anything. The fact the this security feature has been publicly declared puts the onus on cellebrite and the police using their devices, to ensure relevant patches are applied at their end to prevent these features from working. These devices are already bypassing android and iOS security features to do what they do, this is no different.
To me these files are essentially similar to a passcode on a device.
I'd say if Signal wanted to have an impact then silently adding support that breaks cellebrite would be more effective.