Updated It is possible to hijack and manipulate Cellebrite's phone-probing software tools by placing a specially crafted file on your handset, it is claimed.
Signal app supremo Moxie Marlinspike said in an advisory on Wednesday that he managed to get his hands on some of Cellebrite's gear, which is typically used by cops, government agents, big biz, and authoritarian regimes to forcibly access the contents of physically seized smartphones.
Thought the FBI were the only ones able to unlock encrypted phones? Pretty much every US cop can get the job done
Once a device is unlocked by Cellebrite's UFED software, its files and applications can be examined using a Cellebrite program called Physical Analyzer running on a Windows PC.
Marlinspike claims this software collection does a poor job of protecting itself when parsing malicious data extracted from handsets, to the point where it's possible for an innocent-looking file to inject and execute arbitrary code on the host PC.
That code can then modify the analyzer's operation, manipulate forensics reports, and so on. Essentially, you can turn the tables on whoever's probing the phone and hamper their investigation. Here's how Marlinspike put it:
Proof-of-concept exploits have been developed for UFED and Physical Analyzer to prove this, we're told. Signal's creator went on to say he'll disclose the holes he's found when Cellebrite discloses the vulnerabilities it exploits to forcibly unlock confiscated handhelds.
The main problem, it's said, is that Cellebrite's suite includes software libraries – such as FFmpeg DLLs – that haven't been updated to r ..