Signal app creator alleges security flaws in Cellebrite equipment
The app's founder also alleged he had found snippets of code from Apple inside Cellebrite's software, something he said "might present a legal risk for Cellebrite and its users" if it was done without authorisation.
Encrypted chat app Signal suggested in a blog post published on Wednesday that products sold to law enforcement from Israeli surveillance provider Cellebrite can easily be sabotaged.
Cellebrite DI Ltd, which specializes in helping law enforcement and intelligence agencies copy call logs, texts, photos and other data off of smartphones, has repeatedly come under fire for past sales to authoritarian governments, including Russia and China.
Signal, a privacy-focused app eager to show the lengths it goes to protect users' conversations, clashed with Cellebrite last year when the Israeli company said its equipment was upgraded to allow law enforcement to scoop up Signal messages from devices in their possession.
Also read: Signal jokes about WhatsApp's 'downtime', reports spike in user registrations
Signal creator and CEO Moxie Marlinspike said in his blog post on Wednesday he had come into possession of a bag of Cellebrite equipment and examined the gear inside.
He was "surprised to find that very little care seems to have been given to Cellebrite's own software security," Marlinspike said, noting it would be easy to add a specially crafted file onto a phone that would derail Cellebrite's functionality.
In a statement, Cellebrite did not directly address Marlinspike's claim but said that the company's employees "continually audit and update our software in order to equip our customers with the best digital intelligence solutions available."
Don't miss: Researcher claims Mark Zuckerberg uses Signal, app tweets he is ‘leading by example'
Elsewhere in his blog post, Marlinspike alleged he had found snippets of code from Apple inside Cellebrite's software, something he said "might present a legal risk for Cellebrite and its users" if it was done without authorisation.
Apple did not immediately respond to a request for comment.
Signal's allegations come as Cellebrite prepares to go public through a merger with a blank-check firm, valuing the equity of the combined company at around $2.4 billion.
Follow HT Tech for the latest tech news and reviews , also keep up with us on Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.