Popular iPhone forensic app partially unavailable after Signal blog post: Report
The company's ‘Physical Analyser’ tool that is used to scoop up data from iPhone and Android devices reportedly contained various security flaws that Signal claimed it managed to exploit last week.
Last week, popular encrypted messaging service Signal announced that it had found certain vulnerabilities in a well-known software used to extract information from iPhones. The software manufacturer, Cellebrite, has now reportedly stopped offering its tool for iPhones.
According to a report by 9to5Mac, the Cellebrite Physical Analyser, a tool used by governments and other entities to scan smartphones and collect the data inside in a neat and organised fashion, has updated its software to protect itself from some of the security flaws that Signal identified in great detail along with screenshots and a lot of sarcasm last week.
Signal had revealed it obtained one of Cellebrite’s Physical Analyzer tool. However, it had not disclosed how it managed to find the device that is usually sold only to governments, instead offering an elaborate story of how it fell off a truck while founder Moxie Marlinspike was out for a walk. After analysing the software, he found multiple security flaws which he documented in a blog post.
However, Signal also hinted in a not-so-subtle manner that it was adding code to its app that would sabotage or render useless any data that was collected by the Cellebrite’s Physical analyser software on an iPhone with Signal installed. Since Signal didn’t disclose exactly what steps they had taken to achieve this, 9to5Mac suggests that Cellebrite wasn’t able to identify and protect its software from being compromised, which is why the tool was being discontinued for iPhones.
“It’s possible to execute any code, and a real exploit payload would likely seek to undetectably alter previous reports, compromise the integrity of future reports (perhaps at random!), or exfiltrate data from the Cellebrite machine,” Marlinspike explained while demonstrating how Signal's software exploit worked.
The report also states that Cellebrite issued a note saying that updates to Cellebrite UFED 184.108.40.206 and Cellebrite Physical Analyzer 7.44.2 had been released to “address a recently identified security vulnerability” and that the security patch “strengthens the protection” of the solutions. The company also reportedly informs users that s part of the update, the Advanced Logical iOS extraction flow “is now available in Cellebrite UFED only”.