6. May 2021

Signal, the messaging app that has recently become a new focus for Cellebrite’s data-collection tools for law enforcement, raised the question late last month. 

Moxie Marlinspike, the creator of Signal, claimed that software flaws discovered in Cellebrite’s tools could be used to tamper with facts. As a result, one lawyer has already requested a new trial. But Marlinspike isn’t the only one who has scrutinized Cellebrite’s gadgets. At the Black Hat Asia conference on Friday, Matt Bergin of KoreLogic will present his latest findings, which are related to Cellebrite’s Universal Forensic Extraction Device, or UFED. KoreLogic’s senior information security researcher, Bergin, claims to have discovered three vulnerabilities in UFED.

Despite the fact that Cellebrite has now fixed those problems, Bergin believes that forensics software should be placed through rigorous penetration testing to find bugs that might jeopardize proof. Bergin will also display up Lock Up, an Android app he created that can factory reset a phone if it detects Cellebrite software attempting to copy data. All of his research stems from a fear that Cellebrite’s forensic instruments might be tampered with by bad actors, resulting in the false accusation of innocent people. 

“My whole goal for this project was to really highlight the fact that forensics tools are not immune to software vulnerabilities. And those issues, when exploited, do have real-life implications for people. That could be the rest of your life in jail,” Bergin stated.