Follow

fucking with police tech 

Ok, so cops have this tool called Cellbrite they use to automate collecting data off of cell phones that they physically posses and are unlocked.

Turns out, Cellbrite has shite security, which means that you can drop an otherwise-inert file somewhere in your phone's system that, if scanned, will inject itself and allow arbitrary code execution on their Cellbrite device. I.E, you can make their hardware do literally anything you want, including compromising any data the device collects.

And in what they describe as unrelated news, Signal will start occasionally and randomly stashing some inert files in installations on established accounts.

signal.org/blog/cellebrite-vul

re: fucking with police tech 

(via @h3artbl33d but I wanted to add my own explanation)

re: fucking with police tech 

@starkatt the fuckin video demonstration is what gets me

moxie may be a bastard, but that was good

fucking with police tech 

@starkatt

Wow, thats nice! Thanks for sharing!

fucking with police tech 

@starkatt Know where one might be able to acquire such a file deliberately?

fucking with police tech 

@starkatt lmfao "In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files [...] never interact with Signal software or data, but they look nice, and aesthetics are important in software. [...] We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files."

fucking with police tech 

@robotcarsley @starkatt yes, they made digital art!

fucking with police tech 

@starkatt

oh my WORD this is wonderfullll

fucking with police tech 

@starkatt by the way, i appreciate your explanation! i only half knew about cellebrite, and my partner was totally uninterested in the link. your explanation was enough to communicate how fucking delicious the situation is

also
haha i very much enjoy that they explicitly called out that Cellebrite fucked with Apple. A+, i don't know if even *google* would be as vicious in response.

can't wait to see what the company that got into it with the *FBI* thinks of this

fucking with police tech 

@starkatt "We are of course willing to responsibly disclose the specific vulnerabilities we know about to Cellebrite if they do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future." 🔥 🔥 🔥

Sign in to participate in the conversation
The Vulpine Club

The Vulpine Club is a friendly and welcoming community of foxes and their associates, friends, and fans! =^^=