Cellebrite news

|

I think we all know that MCIOs use Cellebrite UFED devices and software to conduct DFEs of an accused’s cell or smartphone.

Up until now, it seems, the DFE reports have been accepted as reliable and accurate so we do not often find ourselves litigating the reliability of the DFE reports.

Have circumstances changed which require more attention to the underlying forensic examination of the DFE? I ask because of a new report from Engadget, “Signal hacked Cellebrite’s phone hacking software used by law enforcement.”

(Signal is now a common application for texting, phone calls, and is purported to be pretty secure from prying eyes and ears. There are other “secure” applications out there such as Protonmail.)

The article suggests that Cellebrite has found a way to hack Signal, but also it tells us there may be a way to hack Cellebrite back.

After the cellphone hacking company Cellebrite said it had figured out a way to access the secure messaging app Signal, Signal said in a blog post that it has turned the tables. The app’s creator Moxie Marlinspike claimed that his team obtained Cellebrite’s hacking kit and discovered several vulnerabilities. He then implied that Signal will update the app to stymie any law enforcement attempts to hack it.

Cellebrite sells a suite of “data analysis devices” called UFED that allows law enforcement to break into iOS or Android phones and extract messaging logs, call records, photos and other data. The suite of hacking tools has reportedly been used used by the FBI to unlock iPhones in the past.

Cellebrite cautions,

Cellebrite told Ars Technica that it “is is committed to protecting the integrity of our customers’ data, and we continually audit and update our software in order to equip our customers with the best digital intelligence solutions available.” Signal’s claims should be treated with some skepticism without seeing more details around the hack, along with confirmation by other security experts.

So for the moment, we do not know whether there are and what problems there may be with the reliability of Cellebrite or the reports generated in the DFE. But there is, or perhaps might now be a concern for those accused’s whose prosecution might be dependent on evidence obtained through a Cellebrite DFE. It might be something simple where Signal and others develop a counter to the Cellebrite ability to hack past Signal’s security and nothing more. If that is the case then the likely effect on the DFE reports is at worst negligible. On the other hand, if a further investigation shows that a person can hack Cellebrite and alter data for an individual DFE report then perhaps there may be cause for concern.

Contact Information
1629 K St NW
#300
Washington, DC 20006
Phone: 703-298-9562Toll Free: 800-401-1583Fax: 703-997-6076

This site is for the trial practitioner (the military lawyer) of military justice, and for the information of U.S. active duty, Guard, and reserve service-members, their spouses and their families. Our goal is to focus on trial practice issues in cases arising under the UCMJ and being tried at court martial. We hasten to add that nothing on this blog should be taken as specific legal advice for a specific client.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Please do not include any confidential or sensitive information in a contact form, text message, or voicemail. The contact form sends information by non-encrypted email, which is not secure. Submitting a contact form, sending a text message, making a phone call, or leaving a voicemail does not create an attorney-client relationship.

Copyright © 2014 – 2024, The Law Office of Philip D. Cave
JUSTIA Law Firm Blog Design