undefined | Better HN

0 pointsupofadown5y ago0 comments

You can't just claim an unknown entity framed you and hope to get anywhere. Heck, you could just as well claim that Cellebrite themselves had it in for you.

Cellebrite has never claimed any particular exploits in Signal. Signal is exploitable in this particular way for entirely obvious and common reasons.

0 comments

derivagral5y ago

You'd claim that the tooling used and thus the evidence is unreliable. Not because of yourself or anybody targeting yourself, but due to other actors attacking Cellebrite and leaving you as collateral damage. You'd base this on testimony from other (court-authorized) experts, perhaps even the CEO of a major privacy app. Would be an interesting trial to follow in the US, not sure I'd want to be the defendant though.

rOOb855y ago

It's about casting doubt on their software and it's trustworthyness.

In computer forensics it's ALL about being able to verify, without a shadow of doubt that something is what they say it is. Chain of custody rules everything. This blasts a huge gaping hole in all that. He's proven that chain of custody can be tampered with and undetected. Files can be planted, altered or erased. Reports can altered. Timestamps can be changed. The host OS can be exploited. It calls all past and future cellbrite reports into question. Cellbrite can no longer guaranty their software acts in a consistent reliable verifiable way. It leaves doubt.

wglb5y ago

> In computer forensics it's ALL about being able to verify, without a shadow of doubt that something is what they say it is

Mostly. The other side gets all the evidence that the opposing side sees. They both get a chance to review it.

> Chain of custody rules everything.

Agree.

> This blasts a huge gaping hole in all that.

Not really. The analysis goes in two steps. One is to pull all the data from the phone, in a chain-of-custody manner. In an adversarial case, both sides can do this.

The collection and analysis go into two steps. First is moving the data to windows box. Next is the analysis. As I understand it, the analysis portion is where things can explode. Then, if in the hands of someone skilled in forensics, the extracted data would be saved in some other device, possibly to be shared with the other side. Then the risky, potentially explosive analysis would be done. It is very unlikely that all previous cases exist on that device and nowhere else.

Therefore,

> It calls all past and future cellbrite reports into question.

is not true, as the extracted files are likely not on the collecting windows device.

In any case, it is not clear how many uses of this device are in actual legal environments.

hvis5y ago

> As I understand it, the analysis portion is where things can explode.

This very blog post says they have found similar vulnerabilities in both steps.

upofadownOP5y ago

If the data collection step can possibly be affected by things like media file exploits then that would be a much bigger problem by itself. Cellebrite would have no reason to execute or interpret anything off the target device in this stage. If they were doing that then the Signal article would of pointed that out first.

adriancr5y ago

By mearly backing up phone with cellebrite it may run exploits.

Exploits may fuck up phone, backup and even cellebrite host os.

As such, phone, backed up data and reports are useless going forward.

zaphar5y ago

Why would it have to be an unknown entity? I imagine in at least some court cases there could be potential antagonists to pin the blame on.

novok5y ago

You can claim that by having signal on your phone, it probably compromised the evidence gathering and you didn't know about it and you don't know how, so that evidence is not trustworthy. Kind of like police opening anti-tamper / anti-shoplifting seals which ruin the item they are trying to confiscate with a large amount of dye.

j / k navigate · click thread line to collapse