Pages

Cellebrite Contains Weak Security and Is Open to Vulnerabilities According to Signal

Cellebrite is a digital forensics company which produces tools and devices that hack ad unlock into secured devices like iPhones and these tools are often used by the government and law agencies in order to find proof and clues which could be stored in a lock device for many crime cases. But did you know that the device which claims to be the one to unlock into other devices can be hacked itself?

Signal which is the secured messaging application company recently hacked into phone and unlocked a device by Cellebrite, revealing critical vulnerabilities that could be used against police investigators.

Upon a thorough search of the Cellebrite device, the company Signal revealed that there were several vulnerabilities in both the hacking hardware and software which could be used to run a malicious code on the machine to unlock devices and use all the stuff it gathers and according to the company the most chances of getting hacked will be a police or government investigator's machine.

According to the founder of Signal, Cellebrite hacking device needs to parse all types of untrusted data on the iPhone or other device being analyzed and though the software security has been known to have problems very little care has been given to it and this allows many opportunities for exploitation.

Some examples which show how Cellebrite is not working the best like it used to be that the Cellebrite system uses a Windows audio/video conversion software that was released in 2012. Since then, the software has been updated with more than 100 security fixes and none of these fixes have been updated which shows how much the software security has been neglected.

The Cellebrite device hacking product is provided with two software packages: UFED, which breaks through encryption to collect deleted or hidden data, and Physical Analyzer, which detects "trace events" for digital evidence collection and the question as to how the company Cellebrite breaks into devices is that it requires a special permission from Apple which it has taken before hand for all the devices.

This brings us to the question that is Cellebrite requires permission from Apple to unlock any of its device and Cellebrite devices are very much in the use of high law agencies and police enforcement then how did Signal got its and on the Cellebrite device?

Well, the CEO and founder of signal claims that him finding he device was truly a coincidence as he was walking home one day and a saw a package fall off a truck which contained latest versions of the Cellebrite software, a hardware dongle designed to prevent piracy and a bizarrely large number of cable adapters.

The founder and CEO of signal on this further said that the company will be willing to share details of the vulnerabilities only if Cellebrite shares the exploits they use to hack iPhones in return.

This is not the first time Cellebrite has been accused of having a weak functioning security system because back in 2017 the company's servers were hacked, which resulted in the leak of data and technical files about its products and since the company has not learned and updated and made their security system strong it is high time they do now.


Read next: Microsoft Again Is The Most Impersonated Brand For The First Quarter of 2021

No comments:

Post a Comment