Encrypted chat app Signal suggested in a blog post published on Wednesday that products sold to law enforcement from Israeli surveillance provider Cellebrite can easily be sabotaged.
Cellebrite DI, which specialises in helping law enforcement and intelligence agencies copy call logs, texts, photos, and other data off of smartphones, has repeatedly come under fire for past sales to authoritarian governments, including Russia and China.
Signal, a privacy-focused app eager to show the lengths it goes to protect users’ conversations, clashed with Cellebrite last year when the Israeli company said its equipment was upgraded to allow law enforcement to scoop up Signal messages from devices in their possession.
Signal creator and CEO Moxie Marlinspike said in his blog post on Wednesday he had come into possession of a bag of Cellebrite equipment and examined the gear inside.
He was “surprised to find that very little care seems to have been given to Cellebrite’s own software security,” Marlinspike said, noting it would be easy to add a specially crafted file onto a phone that would derail Cellebrite’s functionality.
In a statement, Cellebrite did not directly address Marlinspike’s claim but said that the company’s employees “continually audit and update our software in order to equip our customers with the best digital intelligence solutions available.”
Elsewhere in his blog post, Marlinspike alleged he had found snippets of code from Apple inside Cellebrite’s software, something he said “might present a legal risk for Cellebrite and its users” if it was done without authorisation.
Apple did not immediately respond to a request for comment.
Signal’s allegations come as Cellebrite prepares to go public through a merger with a blank-check firm, valuing the equity of the combined company at around $2.4 billion (roughly Rs. 17,980 crores).
© Thomson Reuters 2021
Is OnePlus 9R old wine in a new bottle — or something more? We discussed this on Orbital, the Gadgets 360 podcast. Later (starting at 23:00), we talk about the new OnePlus Watch. Orbital is available on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.
