Published in News

Cellebrite claims it can break into Signal

by on15 December 2020
Cellebrite claims it can break into Signal


End to end encryption was supposed to be safe

 Israeli phone-hacking firm Cellebrite said in a blog post that it can now break into Signal, an encrypted app considered safe from external snooping.

According to Haaretz Cellebrite's flagship product is the UFED (Universal Forensic Extraction Device), a system allows authorities to unlock and access the data of any phone in their possession.

Another product it offers is the Physical Analyzer, which helps organise and process data lifted from the phone. However now the company says that the analyzer has now been updated with a new capability, that allows clients to decode information and data from Signal.

Signal, owned by the Signal Technology Foundation, uses a special open source encryption system called Signal Protocol, which was thought to make it nigh-on impossible for a third party to break into a conversation or access data being shared on the platform. It does so by using end-to-end encryption.

According to Cellebrite's announcement last week, "Law enforcement agencies are seeing a rapid rise in the adoption of highly encrypted apps like Signal, which incorporate capabilities like image blurring to stop police from reviewing data.

"Criminals are using this application to communicate, send attachments, and making [sic] illegal deals that they want to keep discrete and out of sight from law enforcement," the blog post added.

Despite support for the app's encryption capabilities, Cellebrite noted that "Signal is an encrypted communication application designed to keep sent messages and attachments as safe as possible from third-party programs.

"Cellebrite Physical Analyzer now allows lawful access to Signal app data. At Cellebrite, we work tirelessly to empower investigators in the public and private sector to find new ways to accelerate justice, protect communities, and save lives."

In an earlier, now deleted, version of the blog post, the company said: "Decrypting Signal messages and attachments was not easy. It required extensive research on many different fronts to create new capabilities from scratch.

The initial post, which was stored on the Internet Archive, also included a detailed explanation of how Cellebrite "cracked the code" by reviewing Signal's own open source protocol and using it against it.

Last modified on 15 December 2020
Rate this item
(2 votes)
More in this category: « Solar gets even more efficient Codemasters agrees to EA buy out »
back to top

Most popular

Latest comments