Security Vulnerabilities in Cellebrite
2021-04-27 11:57

Moxie Marlinspike has an intriguing blog post about Cellebrite, a tool used by police and others to break into smartphones.

We found that it's possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned.

This means that Cellebrite has one - or many - remote code execution bugs, and that a specially designed file on the target phone can infect Cellebrite.

By including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it's possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way, with no detectable timestamp changes or checksum failures.

It could even write that fabricated/altered evidence back to the phone so that from then on, even an uncorrupted version of Cellebrite will find the altered evidence on that phone.

The idea, of course, is that a defendant facing Cellebrite evidence in court can claim that the evidence is tainted.


News URL

https://www.schneier.com/blog/archives/2021/04/security-vulnerabilities-in-cellebrite.html