Signal Developer Discovered Vulnerabilities in Cellebrite Phone Jailbreak Tool

The exploitation of the vulnerabilities allowed a technician to execute malicious code on a Windows computer used to analyze devices.


For years, the Israeli company Cellebrite has helped governments and police around the world hack confiscated mobile phones by exploiting vulnerabilities. Signal messaging app creator Moxie Marlinspike analyzed Cellebrite's software and reported vulnerabilities in a mobile jailbreak tool.

The exploitation of the vulnerabilities allowed a technician to execute malicious code on a Windows computer used to analyze devices. By including a specially formatted file in an application on a device that is then scanned by Cellebrite, it is possible to run code that modifies not only the Cellebrite analysis report being created, but also any previous and future Cellebrite-generated reports. This can be done without any detectable timestamp changes or checksum failures.

Cellebrite provides two software packages: UFED bypasses locks and encryption to collect deleted or hidden data, and Physical Analyzer detects digital evidence ("event tracking").

“As it turns out, the safety of the UFED and the Physical Analyzer has received little attention. There are no industry-standard tools for protection against exploits,” the expert explained.

One example of this lack of protection is the inclusion of Windows DLLs for the FFmpeg audio/video conversion software. The bundled software was developed in 2012 and has not been updated since then. Over the past nine years, FFmpeg has received over 100 security updates, but none of the fixes are included in the FFmpeg software bundled with Cellebrite's products.
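The kind of check that catches stale bundled DLLs like these, as an added example (not code from Signal or Cellebrite): it reads each DLL's PE link timestamp and its ASLR/DEP opt-in flags. The file name, the three-year threshold, the audit date and the sample headers are constructed, and reading "protection against exploits" as these two opt-in flags is an assumption.

```python
import struct
from datetime import datetime, timezone

ASLR = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
DEP = 0x0100   # IMAGE_DLLCHARACTERISTICS_NX_COMPAT

def inspect_pe(data: bytes) -> dict:
    """Read the link timestamp and mitigation opt-in flags from a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    opt_off = pe_off + 24  # 4-byte signature + 20-byte COFF header
    if len(data) < opt_off + 72:
        raise ValueError("optional header truncated")
    (stamp,) = struct.unpack_from("<I", data, pe_off + 8)   # COFF TimeDateStamp
    # DllCharacteristics is at offset 70 in both PE32 and PE32+ optional headers.
    (flags,) = struct.unpack_from("<H", data, opt_off + 70)
    return {"built": datetime.fromtimestamp(stamp, tz=timezone.utc),
            "aslr": bool(flags & ASLR), "dep": bool(flags & DEP)}

def audit(name: str, data: bytes, now: datetime, max_age_years: float = 3) -> list:
    """Return findings for one bundled DLL. The timestamp is a hint only:
    reproducible builds may store a hash there instead of a date."""
    info, findings = inspect_pe(data), []
    age = (now - info["built"]).days / 365.25
    if age > max_age_years:
        findings.append(f"{name}: linked {info['built']:%Y-%m-%d} ({age:.1f} years ago)")
    if not info["aslr"]:
        findings.append(f"{name}: no ASLR opt-in (DYNAMIC_BASE unset)")
    if not info["dep"]:
        findings.append(f"{name}: no DEP opt-in (NX_COMPAT unset)")
    return findings

def make_sample_pe(built: datetime, flags: int) -> bytes:
    """Constructed header-only sample, enough for inspect_pe; not a loadable DLL."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, int(built.timestamp()), 0, 0, 96, 0x2102)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<H", opt, 70, flags)  # DllCharacteristics
    return dos + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__":
    now = datetime(2021, 4, 21, tzinfo=timezone.utc)  # constructed audit date
    old = make_sample_pe(datetime(2012, 6, 1, tzinfo=timezone.utc), 0)
    for line in audit("bundled_codec.dll", old, now):  # hypothetical file name
        print(line)
```

Run over every DLL in an installer or install directory, a check like this turns "bundled in 2012 and never updated" into a release-gate finding.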

Marlinspike also found two MSI installer packages digitally signed by Apple and apparently extracted from the iTunes installer for Windows. A Cellebrite spokesman did not say whether the company's information security experts knew about the software vulnerabilities or whether the company had permission to bundle Apple software.