Cellebrite asks cops to keep its phone hacking tech ‘hush hush’ | TechCrunch::For years, cops and other government authorities all over the world have been using phone hacking technology provided by Cellebrite to unlock phones and In a leaked video, a Cellebrite employee urges law enforcement customers to keep their use of its phone hacking technology secret.

  • dynamojoe@lemmy.world
    link
    fedilink
    English
    arrow-up
    27
    ·
    1 year ago

    They’ll do their best to keep this out of the courtroom. This is a spying tool for parallel construction and espionage (corporate, political, etc) and they do not want to get called onto the stand under oath to testify about it.

    • pelicans_plight@lemmy.world
      link
      fedilink
      English
      arrow-up
      6
      arrow-down
      2
      ·
      edit-2
      1 year ago

      Yes they will, and it will work. It’s not like this is the first time fascists built tools for other fascists to use on the public illegally, then once it came to light the tired, sick, worked to death population did exactly what they were conditioned to do, nothing, because they can’t, they have no power, because they have been drained by corporate fascists so they have no recourse, no say in anything, it’s just go back to work to make sure you’re not eating out of garbage cans by next month.

      The public is apathetic, but it’s by design, if you don’t already know about Edward Bernays then I suggest looking him up and finding out how they control the public. This however feels vary familiar, there was a scandal in the 90s about Stingray devices being used illegally by guess who… fascist cops doing what the fascist propaganda taught them their whole life, get those “criminals” anyway you can, even if you have to become the highest order of criminal scum to do so, all those cop shows conditioned those fascists just right (no pun intended.) In other words this is just business as usual. Here’s a link to Wikipedia about Stingray devices if you’re interested. https://en.m.wikipedia.org/wiki/Stingray_use_in_United_States_law_enforcement

  • Kbobabob@lemmy.world
    link
    fedilink
    English
    arrow-up
    23
    ·
    1 year ago

    I like this part…

    For example, by including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures. This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question.

  • phoneymouse@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    1 year ago

    Anyone know what Cellebrite can hack these days? I thought many of the latest phones and software versions had closed their vulnerabilities. Does anyone have data on which phones and OS versions are still vulnerable?

    • lemmy___user@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      1
      ·
      1 year ago

      I very briefly worked for one of their competitors a few years back. These devices are pretty much limited to whatever you can do with root on android or jailbreaking iOS. If a person has a modern phone and a good sense of op-sec, chances are they can’t get much. These things basically work by doing backups then analyzing those backups offline, searching in known locations for non-encrypted databases and images. On android they can also do things through adb, like automated screenshots.

      If you hand the cops a powered off non-rooted,locked bootloader, non-jailbroken phone and use e.g. signal, there’s not much they’ll be able to see. Of course, there seem to be other firms that operate at a higher level, and have some encryption breaking capabilities, but that’s not going to be accessible to your average cop.

    • SloppyPuppy@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      1
      ·
      edit-2
      1 year ago

      My wife works an cellebritete. Its a device you connect to any phone and it gets evidence police is looking for. It can scan ANYTHING on the phone in seconds. This includes messages in applications, phone calls, images, appilcation data. Anything.

      The smart thing about this is (if used under legal hands under a non corrupt government/entity) is it can be set up to only spit out relevant evidence by some search predicate / criteria and nothing else incriminating.

      So for example if someone is arrested for kidnaping and they want to know if the suspect is really a kidnapper and maybe where the victim is it can spit out anything related to the case in question but nothing else incriminating on unrelated stuff.

      It does this in under a set of rules admissible in court. IE the evidence cannot be tampered with (even by police) , it assures that the evidence is actually from that specific phone and wasnt touched, changed, modified and norhing was added in and so on…

      • phoneymouse@lemmy.world
        link
        fedilink
        English
        arrow-up
        6
        ·
        1 year ago

        Yeah, but phones have encryption and security. In order to get access to the data on the phone, cellebrite is hacking the device to circumvent the security measures and break the encryption, which is illegal for any individual to do, and should also be illegal for a corporation to do (corporations are individuals, legally speaking).

        Phone manufacturers do not want companies like cellebrite breaking into their devices because it can be used for nefarious purposes. If cellebrite can get in, any other hacker can get in. So, phone makers are always closing these security vulnerabilities where they can find them.

        • SloppyPuppy@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Cellebrite is (hopefully) used under the law. They either get warrant or use a perpetual warrant on urgent security stuff. At least in countries with proper laws and abiding police.

          Hackers sure indeed can use the insecurities cellebrite is using. But cellebrite has massive amount of budget for finding insecurities which normal hackers / people lack.