Signal founder says he found loopholes in device used by police to extract data from cell phones
Chief executive of the messaging app says he found Cellebrite equipment on the street and then discovered vulnerabilities. Recently, the company responsible for the system found a way to access Signal data. Company services are being used in the Henry Borel case.
Moxie Marlinspike, founder and chief executive of Signal, WhatsApp’s rival messaging app and known for its security and privacy options, released a text on Wednesday (21) exposing loopholes in a Cellebrite device used by police to expertise and data extraction from cell phones.
Cellebrite’s services were highlighted in the investigation of the death of the boy Henry Borel, 4 years old.
The Civil Police of Rio de Janeiro used the company’s equipment to obtain evidence against councilor Dr Jairinho, the boy’s stepfather, and teacher Monique Medeiros, Henry’s mother.
“We were surprised to find that little care was taken of Cellebrite’s own software security,” wrote Marlinspike in a text on Signal’s official blog.
He said he found a briefcase with the device “on a walk in the street” and that it contained an adapter, several cables and the latest version of Cellebrite software.
Cellebrite products have the technical capability to unlock several Android and iOS phones (iPhones).
The Signal executive said that UFED (Universal Forensic Extraction Device, in translation of the acronym in English) has “several vulnerabilities” that could “tamper with the scanned device and the data that could be accessed” – which could compromise the integrity of expertise.
According to him, these loopholes could be used to change past and future reports made on the device.
In an encrypted message at the end of his text, Marlinspike said that future versions of Signal would “fetch files to put in the app’s storage” and that such files would be of no use.
Between the lines, the executive seems to suggest that the change will have an impact on the functioning of Cellebrite’s products.
In Brazil, in addition to the Henry Boral case, Cellebrite’s technology has already been used in Brazil in surveys carried out by Lava Jato, according to Federal Police reports.
The Cellebrite website itself states that the PF also used its services in Operation Enterprise, which investigated international drug trafficking.
In 2019, the Rio de Janeiro Public Prosecutor’s Office obtained authorization from the Rio de Janeiro court to use the company’s solutions in the investigation of the death of city councilor Marielle Franco and her driver, Anderson Gomes.