Sabre-rattling between surveillance technology company and Signal app founder

[bugmenоt]

Cellebrite is the producer of surveillance technology used by many government agencies to quickly grab and analyze all data on an unlocked smartphone. They recently claimed to have hacked Signal. The claim was something between an overstatement and a lie, however enough to piss off its creator Moxie Marlinspike. He now claims to have found security holes in Cellebrites software which would make it possible to prepare a smartphone in a way that, if police is scanning it using Cellebrite's software, the police's computer can be compromised. This could render any gathered evidence useless in front of a court. He's also implying that he'll add that exploit to randomly selected Signal users' phones. Oh, and he claims to have found out that the software is distributed with a file owned by Apple without their consent, which could also be legally juicy.


https://signal.org/blog/cellebrite-vulnerabilities/

[Faust]

Awesome. Ideally if he wanted to damage cellbrite all he needs to do is publish the exploit. They would mitigate it but the damage would already be done reputationally .

Seperately if he is able to filter their scan techniques from general traffic, he could make a data poison app that every single phone scanned would get flagged for suspicious behaviour rendering the technique invalid in court also