I think we all know that MCIOs use Cellebrite UFED devices and software to conduct DFEs of an accused’s cell or smartphone.
Up until now, it seems, the DFE reports have been accepted as reliable and accurate, so we do not often find ourselves litigating the reliability of the DFE reports.
Have circumstances changed which require more attention to the underlying forensic examination of the DFE? I ask because of a new report from Engadget, “Signal hacked Cellebrite’s phone hacking software used by law enforcement.”
The article suggests that Cellebrite has found a way to hack Signal, but it also tells us there may be a way to hack Cellebrite back.
After the cellphone hacking company Cellebrite said it had figured out a way to access the secure messaging app Signal, Signal said in a blog post that it has turned the tables. The app’s creator Moxie Marlinspike claimed that his team obtained Cellebrite’s hacking kit and discovered several vulnerabilities. He then implied that Signal will update the app to stymie any law enforcement attempts to hack it.
Cellebrite sells a suite of “data analysis devices” called UFED that allows law enforcement to break into iOS or Android phones and extract messaging logs, call records, photos and other data. The suite of hacking tools has reportedly been used by the FBI to unlock iPhones in the past.
Cellebrite told Ars Technica that it “is committed to protecting the integrity of our customers’ data, and we continually audit and update our software in order to equip our customers with the best digital intelligence solutions available.” Signal’s claims should be treated with some skepticism without seeing more details around the hack, along with confirmation by other security experts.
So for the moment, we do not know whether there are problems with the reliability of Cellebrite or the reports generated in the DFE, or what those problems may be. But there is, or perhaps might now be, a concern for those accused whose prosecution might depend on evidence obtained through a Cellebrite DFE. It might be something simple, where Signal and others develop a counter to Cellebrite’s ability to hack past Signal’s security, and nothing more. If that is the case, then the likely effect on the DFE reports is at worst negligible. On the other hand, if a further investigation shows that a person can hack Cellebrite and alter data for an individual DFE report, then perhaps there may be cause for concern.