Signal Alleges Flaws in Law Enforcement Equipment Sold by Israeli Surveillance Firm Cellebrite
Encrypted chat app Signal suggested in a blog post published on Wednesday that products sold to law enforcement from Israeli surveillance provider Cellebrite can easily be sabotaged.
Cellebrite DI, which specialises in helping law enforcement
and intelligence agencies copy call logs, texts, photos, and other data off of
smartphones, has repeatedly come under fire for past sales to authoritarian
governments, including Russia and China.
Signal, a privacy-focused app eager to show the lengths it
goes to protect users' conversations, clashed with Cellebrite last year when
the Israeli company said its equipment was upgraded to allow law enforcement to
scoop up Signal messages from devices in their possession.
Signal creator and CEO Moxie Marlinspike said in his blog
post on Wednesday he had come into possession of a bag of Cellebrite equipment
and examined the gear inside.
He was "surprised to find that very little care seems
to have been given to Cellebrite's own software security," Marlinspike
said, noting it would be easy to add a specially crafted file onto a phone that
would derail Cellebrite's functionality.
In a statement, Cellebrite did not directly address
Marlinspike's claim but said that the company's employees "continually
audit and update our software in order to equip our customers with the best
digital intelligence solutions available."
Elsewhere in his blog post, Marlinspike alleged he had found
snippets of code from Apple inside Cellebrite's software, something he said
"might present a legal risk for Cellebrite and its users" if it was
done without authorisation.
Apple did not immediately respond to a request for comment.
Signal's allegations come as Cellebrite prepares to go
public through a merger with a blank-check firm, valuing the equity of the
combined company at around $2.4 billion.
Comments
Post a Comment