Cellebrite asks cops to keep its phone hacking tech ‘hush hush’ | TechCrunch::For years, cops and other government authorities all over the world have been using phone hacking technology provided by Cellebrite to unlock phones and In a leaked video, a Cellebrite employee urges law enforcement customers to keep their use of its phone hacking technology secret.

  • phoneymouse@lemmy.world
    link
    fedilink
    English
    arrow-up
    21
    ·
    1 year ago

    Anyone know what Cellebrite can hack these days? I thought many of the latest phones and software versions had closed their vulnerabilities. Does anyone have data on which phones and OS versions are still vulnerable?

    • lemmy___user@lemmy.world
      link
      fedilink
      English
      arrow-up
      15
      ·
      1 year ago

      I very briefly worked for one of their competitors a few years back. These devices are pretty much limited to whatever you can do with root on android or jailbreaking iOS. If a person has a modern phone and a good sense of op-sec, chances are they can’t get much. These things basically work by doing backups then analyzing those backups offline, searching in known locations for non-encrypted databases and images. On android they can also do things through adb, like automated screenshots.

      If you hand the cops a powered off non-rooted,locked bootloader, non-jailbroken phone and use e.g. signal, there’s not much they’ll be able to see. Of course, there seem to be other firms that operate at a higher level, and have some encryption breaking capabilities, but that’s not going to be accessible to your average cop.

      • Uriel238 [all pronouns]@lemmy.blahaj.zone
        link
        fedilink
        English
        arrow-up
        6
        arrow-down
        5
        ·
        1 year ago

        Some cryptography / privacy experts see this as a happy medium, in which it’s expensive (time and resource intensive) to get into a phone’s data, discouraging law enforcement from cracking open a phone on a whim (say, if officers are just fishing for probable cause because they don’t have the warrant they want, or an officer is spying on their ex.)

        Law enforcement is notorious for abusing forensic technology whether IMSI-catchers to locate phones or $2 chemical drug field tests which react positive to sugar and ashes in an urn: They’re not supposed to be use as a final arbiter that something is a controlled substance rather that a sample should be sent to a lab. But They’re great for establishing probable cause which is grounds for an invasive search.

        Throughout the US, most precincts have been repurposed to finding and securing any easily liquidatable assets using asset forfeiture laws on the pretense that the found lucre is criminal (it’s very difficult and costly to prove otherwise, sometimes taking decades) and police teams will take apart a car (or cavity search a woman) if they’ve been tipped the target is loaded with something worth grabbing.

        Oh and since around 2013, the NSA has been sending money-in-transit tips to local precincts, what theyve gleaned from PRISM. Purpose creep!

      • SloppyPuppy@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        My wife works at cellebrite. Its totally not like that. It can have access to ANY phone and any set of data within that phone.

        Its using zero days attacks that the company has either bought or found itself. And they are trying to keep their pool of zero day attacks up to date for all most comon phones.