The Cellebrite Physical Analyzer – the most intrusive phone-cracking tool offered by the company – no longer supports the direct extraction of iPhone data, according to a document shared with us. This follows the discovery and exploitation of a vulnerability by secure messaging app Signal.
Signal discovered multiple security vulnerabilities in Cellebrite’s software, and was able to find a way to booby-trap iPhones to corrupt the results of a scan using Physical Analyzer …
Background
Cellebrite offers hardware and software designed to allow users to break into smartphones, and extract data from them. The company’s products are used by law enforcement agencies around the world, including those in some unsavory nation states likely to be using them to crack down on political dissidents.
Signal managed to get its hands on the software suite, including the Physical Analyzer module, which offers the deepest dive into the data stored on a smartphone. The messaging company carried out its own analysis of the software, finding a surprising number of security vulnerabilities.
It was able to exploit one of these to allow any iPhone to corrupt the data on any machine running the software. This would not only render useless the scan of the connected iPhone, but also corrupt the results of both past and future scans using the same machine.
All that was required, Signal said in a blog post, was to place a carefully crafted file onto the device. The post said that the company was now doing this for all Signal users. Indeed, even some non-Signal users chose to install the app simply to get this protection.
The company chose an ironic tone in making this announcement.
Cellebrite Physical Analyzer announcement
Cellebrite responded by updating its software to close some of the security holes. However, it appears that it was unable to protect against the method Signal was using to corrupt the Physical Analyzer software, as it told users that the app no longer allows data extraction from iPhones using this software.
In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software.
However, the company says there is no significant user impact, as the UFED app can be used to extract the data and then pass it to Physical Analyzer for analysis.
This message is to inform you that we have new product updates available for the following solutions:
Cellebrite UFED v7.44.0.205Cellebrite Physical Analyzer v7.44.2Cellebrite UFED Cloud v7.44.2
Cellebrite UFED 7.44.0.205 and Cellebrite Physical Analyzer 7.44.2 have been released to address a recently identified security vulnerability. This security patch strengthens the protection of the solutions.
As part of the update, the Advanced Logical iOS extraction flow is now available in Cellebrite UFED only.
This piece was updated following clarification by Cellebrite.