Bringing you quick updates on the tech space, policy making and digital rights from India and across the globe. Signal creator claims Cellebrite can be easily sabotaged Moxie Marlinspike, the the creator of messaging app Signal, has written a long blogpost calling out various vulnerabilities in Cellebrite's devices. Cellebrite, an Israeli firm, is (in)famous for providing various spyware software products and services which are being used by law enforcement agencies across the world, including in India. Cellebrite devices have been used to unlock iPhones. Marlinspike, in the blogpost, claims to have found a Cellebrite equipment fall off a truck. "We were surprised to find that very little care seems to have been given to Cellebrite’s own software security. Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present," he wrote. Marlinspike said that the way Cellebrite's products, by virtue of their design, had many vulnerabilities that could allow attackers to tamper them by using an "innocuous file". "Any app could contain such a file, and until Cellebrite is able to accurately repair all vulnerabilities in its software with extremely high confidence, the only remedy a Cellebrite user has is to not scan devices," he said. It is hard to say what exactly prompted Signal's show of force against Cellebrite. However, if the blog post is any indication, the trigger could have been Cellebrite announcing a few months ago that it could break into Signal's security protocols as well. Signal subsequently rubbished the claim, saying that Cellebrite only…
