Security News > 2021 > May > Friday Squid Blogging: Far Side Squid Comic

"Cellebrite's products are part of the industry of"mobile device forensics" tools.

Cellebrite holds itself out as meeting the standards that U.S. courts require for digital forensics.

"Between Cellebrite and the other vendors in the industry of mobile device forensics tools, there are over two thousand law enforcement agencies across the country that have such tools - including 49 of the 50 biggest cities in the U.S. Plus, ICE has contracts with Cellebrite worth tens of millions of dollars."

"In a recent legal webinar about mobile device forensics tools, the discussion touched upon Signal's Cellebrite hack. One of the panelists pointed out that Cellebrite's not the only game in town when it comes to these extraction tools. It's a whole industry, it's not just this one company, although Cellebrite is probably the best-known actor in that industry. Therefore, as the panelist pointed out, if you're law enforcement, you can just perform the same extraction through a different program, and there won't be a problem because this flaw is unique to Cellebrite."

In the same way as the attack would not be unique to Signal, any app could do it, the problem is very definately not unique to Cellebrite's products, they all have them one way or another and will have more as time goes on.

Further even if such a file is found on a phone by those working in the bottom end of the justice system, the best that can be shown is that the user got sent the file on such and such a date and time, along with some meta-data that could very very easily be made non attributable The fact that the file will apparently behave normally on the phone because it's payload is not aimed at the phone makes "Plausable deniability" for the phone user that much easier.

News URL

https://www.schneier.com/blog/archives/2021/05/friday-squid-blogging-far-side-squid-comic.html