Signal accuses Cellebrite of major security flaws in its software, after Cellebrite claimed to have cracked Signal's encryption. Moxie Marlinspike mocks the company, highlighting vulnerabilities that could compromise data. This battle raises questions about the security of surveillance technologies and data protection.
Encrypted messaging application Signal recently accused cybersecurity firm Cellebrite of major security flaws in its software. This dispute follows claims by Cellebrite that it had decrypted Signal's secure messaging last year, an accusation that Signal firmly rejected.
In his response, Signal executive Moxie Marlinspike joked that he had acquired Cellebrite's system after it “fell off a truck”. He went on to detail the flaws he had allegedly discovered, claiming that these made it easy to take control of the system and execute any code. Marlinspike also suggested that these vulnerabilities could allow access to data, modification of settings and much more.
Cellebrite, for its part, responded by asserting that its products and software met the highest industry standards, and guaranteed valid and forensically reliable data. However, Marlinspike's demonstration, in which he runs simple code on a machine equipped with Cellebrite's software, raised serious questions about the system's security.
Signal's blog quickly mocked Cellebrite, with references to cult movies like Hackers, and highlighted the extent of the vulnerabilities in the cybersecurity company's products. According to Signal, these flaws are particularly embarrassing for Cellebrite, which prides itself on its ability to penetrate secure messaging systems like Signal.
The attack on Signal is no mere exchange of polemics. It comes after Cellebrite claimed last December to have cracked Signal's encryption, a claim that has since been denied. Marlinspike called it a “nightmare” for Cellebrite, suggesting that their tools simply automate access to data on a physically unlocked device, a method that Signal strongly criticizes.
In short, this confrontation seems to mark yet another episode in the cyber-security war, and perhaps a “mic drop” for Signal, which seems to have left Cellebrite without a credible response. The battle continues between these two cybersecurity giants, raising questions about the security of surveillance technologies and the protection of personal data.
Source : BBC
