Connect with us

Security

Cellebrite’s high-tech hacking tools that are used by police are super-easy to hack

Who hacks the hackers?

Cellebrite hacking tool
Image: KnowTechie

You might have heard of Israel-based hackers-for-hire Cellebrite, who create smartphone hacking tools that then get used by law enforcement and government agencies worldwide, as well as repressive regimes and other unsavory characters

Well, it seems that their “security products” have no real security themselves, as outlined in a scathing blog post by Signal’s founder, Moxie Marlinspike.

Signal got hold of a Cellebrite UFED device, and their analysis showed some serious security issues, where “industry-standard exploit mitigation defenses [are] missing,” with multiple opportunities to exploit the device.

You can see some of those hacks in action below, with Signal showing the UFED device showing a benign message from the 90s movie, Hackers, as a proof of concept. In reality, the vulnerability that led to that message could let any payload run on the UFED, potentially corrupting every scan that device had in memory from other smartphones, or even planting faked evidence.

With the vulnerability only needing the UFED to read a file on the device, anyone with the technical know-how could keep a self-destruct file on their device in case it ever ends up in the hands of Cellebrite or any organization/agency that uses their services.

That could go even further, as Phobos Group founder Dan Tentler says this method could be used to infect a government agency, by baiting them into “reading a phone loaded with the exploit,” which would then be transferred to a networked computer to read the files the Cellebrite device pulled off the phone. Yikes.

Have any thoughts on this? Let us know down below in the comments or carry the discussion over to our Twitter or Facebook.

Editors’ Recommendations:

Follow us on Flipboard, Google News, or Apple News

Maker, meme-r, and unabashed geek with nearly half a decade of blogging experience. If it runs on electricity (or even if it doesn't), Joe probably has one around his office somewhere. His hobbies include photography, animation, and hoarding Reddit gold.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Security