Signal Founder Dismisses Cellebrite Encryption Crack Claim

Security specialist Cellebrite has astonished the security industry with a claim that it has cracked the encryption of one of the most secure messaging apps on the market.

The firm in a blog post claimed that highly encrypted apps such as Signal are being increasingly used by criminals to evade police and law enforcement.

The mobile forensics firm noted that Signal not only uses end-to-end encryption for the data it sends, but the app also employs a proprietary open-source encryption protocol called “Signal Protocol”.

Cellebrite claim

Cellebrite said that its “Physical Analyzer now allows lawful access to Signal app data,” it wrote. “At Cellebrite, we work tirelessly to empower investigators in the public and private sector to find new ways to accelerate justice, protect communities, and save lives.”

But that blog post has been extensively altered from the original one, in which it claimed that its product Universal Forensic Extraction Device (UFED) could access, lift and analyse data of mobile phones using the app.

It claimed it could decrypt messages from Signal’s highly secure chat and voice-call app, boasting that it could disrupt communications from “gang members, drug dealers and even protesters”

But the reality is that Signal is used by many other people worried about privacy (i.e. journalists etc), and not just criminals.

The original Cellebrite blog post provided a technical explanation of how it found a decryption key that allowed it to access the messages that Signal stores its database.

It then described how it searched Signal’s open-source code for clues as to how to breach the database.

“We finally found what we were looking for,” it was quoted as written by the BBC, with a full explanation of how it did it, which has since been deleted.

Its claim suggested that it could “crack” Signal on Android phones but did not mention Apple devices.

Signal response

But Cellebrite’s claim was quickly dismissed by the creator of Signal, Moxie Marlinspike, on Twitter.

“This was an article about ‘advanced techniques’ Cellebrite used to decode a Signal message on an unlocked Android device,” he tweeted in a response to someone flagging to him Cellebrite’s claim. “They could have also just opened the app to look at the messages.”

“The whole article read like amateur hour, which is I assume why they removed it,” added Marlinspike.

Questions remain

It remains to seen if Cellebrite really did manage to gain access to the decryption key, as that is usually well protected.

Rather, it seems that the exploit claims to worked via an unlocked Android phone, but Cellebrite has significantly altered its original blog on the matter, leading to question marks over the reliability of its original claim.

Indeed, some will ask why Cellebrite decided to publicly disclose “the issue” first, when it should have followed the responsible option and alerted Signal quietly that it had compromised its system.

Cellebrite was the firm that was reportedly hired by the FBI in 2016 to help access the locked iPhone belonging to the San Bernardino terriorist Syed Rizwan Farook.