Mobile hacking tool maker Cellebrite, an Israeli company, said its tool can now hack the Signal app, which is considered tamper-proof.Cellebrite’s hacking tools are used by law enforcement and intelligence agencies around the world. In addition, several school districts in the United States are also recently reported to be a customer of Cellebrite.
The company has repeatedly been accused of selling tracking technologies to totalitarian regimes and countries convicted of human rights violations. Following media reports that Cellebrite’s technology was being used by Chinese authorities to spy on Hong Kong activists, the company promised to no longer sell its products to China.
“Cellebrite, the global leader in Digital Intelligence (DI) solutions for public and private sectors, announced today that effective immediately it will stop selling its solutions and services to customers in Hong Kong and China”, — said in the company’s official statement.
Cellebrite’s flagship product is the Universal Forensic Extraction Device (UFED) hardware and software complex, which allows extracting data from any mobile device. The second product, Physical Analyzer, is designed to analyse information extracted from the smartphones.
Last week, the company announced the addition of a new feature to the Physical Analyzer that allows decrypting data received from the Signal messenger.
As a reminder, we also reported that Vulnerability in Signal messenger allows spying on users.
In an earlier, now deleted, version of the blog post, Cellebrite stated the following:
“Decrypting messages and attachments in Signal has been challenging. Building new capabilities from scratch required extensive research in many areas. However, regarding Cellebrite, finding new ways to help those who make our world safer is something we dedicate ourselves to every day.”
The original version of the publication provided a detailed explanation of how Cellebrite “hacked the code” – it analysed the open source Signal protocol and used it against the messenger.
“Since to protect users (Signal – ed.) encrypts almost all of its metadata, authorities are making efforts to require developers of encrypted software to include a ‘backdoor’ that allows them access to user data. Until such agreements are reached, Cellebrite will continue to work diligently with law enforcement to enable agencies to decrypt and decode data from the Signal app”, – noted the developers of Cellebrite.
However, as reported by the London-based news agency Middle East Eye, things aren’t really that bad.
According to Etienne Maynier, a specialist at the human rights organization Amnesty International, Cellebrite’s technology is by no means revolutionary. In order to extract data from Signal, authorities need physical access to a device that is unlocked with a passcode, Touch ID, or face scanner. It can be obtained in two ways: either by asking the owner of the device to unlock it, or by hacking the device using technical means.
And when the device is unlocked, it is possible to access any data, including Signal, simply by opening the messenger.
Let me remind you that recently Cellebrite Company said that they are capable to unlock any iOS-device and many devices on Android.