Popular Phone Cracking Tool Gets Hacked by App CEO

Moxie Marlinspike, CEO of encrypted messaging app Signal, has just outed digital intelligence firm Cellebrite as having some less than stellar security practices.

Marlinspike remarked in a blog post that the lack of security measures taken by Cellebrite could let someone re-write the data collected by the company. Since their business revolves around software that unlocks phones and extracts data from them, this could pose a huge cybersecurity issue.

Why is this concerning? The firm is popular in the United States and is used frequently by law enforcement agencies to gather evidence from a suspect’s device. If what Marlinspike says is true, then it’s possible for someone to add files, remove or change messages, insert pictures, and manipulate information in other ways without any detectable timestamp.

If the information gathered from this software is going to be used in a court of law, what does that mean for a potential suspect? The evidence collected could be altered to make someone look guilty, or innocent, with no way of verification.

Signal’s CEO also claims that code found within the Cellebrite’s software seems to be intellectual property of tech giant Apple. If this is true, the company would be illegally selling code that belongs to another company.

The claims made by Marlinspike are hefty, but it really goes to show how a lack of security can decimate a company and, not to mention, ruin people’s lives. If a hacker or malicious actor were to mess around with someone’s data, they could post fake information via social media or use their personal information against them. It’s frightening to think that this “evidence” could then be used in a court of law to condemn an innocent person or otherwise exonerate a guilty party.

Cyber attacks and cyber threats are all around us, every day. It’s imperative that we all remain vigilant and aware of the risks surrounding us in order to safeguard ourselves against exploitation.