Signal Founder Dismisses Cellebrite Encryption Crack Claim

Security specialist Cellebrite has astonished the security industry with a claim that it has cracked the encryption of one of the most secure messaging apps on the market.

The firm in a blog post claimed that highly encrypted apps such as Signal are being increasingly used by criminals to evade police and law enforcement.

The mobile forensics firm noted that Signal not only uses end-to-end encryption for the data it sends, but the app also employs a proprietary open-source encryption protocol called “Signal Protocol”.

Cellebrite claim

Cellebrite said that its “Physical Analyzer now allows lawful access to Signal app data,” it wrote. “At Cellebrite, we work tirelessly to empower investigators in the public and private sector to find new ways to accelerate justice, protect communities, and save lives.”

But that blog post has been extensively altered from the original one, in which it claimed that its product Universal Forensic Extraction Device (UFED) could access, lift and analyse data of mobile phones using the app.

It claimed it could decrypt messages from Signal’s highly secure chat and voice-call app, boasting that it could disrupt communications from “gang members, drug dealers and even protesters”

But the reality is that Signal is used by many other people worried about privacy (i.e. journalists etc), and not just criminals.

The original Cellebrite blog post provided a technical explanation of how it found a decryption key that allowed it to access the messages that Signal stores its database.

It then described how it searched Signal’s open-source code for clues as to how to breach the database.

“We finally found what we were looking for,” it was quoted as written by the BBC, with a full explanation of how it did it, which has since been deleted.

Its claim suggested that it could “crack” Signal on Android phones but did not mention Apple devices.

Signal response

But Cellebrite’s claim was quickly dismissed by the creator of Signal, Moxie Marlinspike, on Twitter.

“This was an article about ‘advanced techniques’ Cellebrite used to decode a Signal message on an unlocked Android device,” he tweeted in a response to someone flagging to him Cellebrite’s claim. “They could have also just opened the app to look at the messages.”

“The whole article read like amateur hour, which is I assume why they removed it,” added Marlinspike.

Questions remain

It remains to seen if Cellebrite really did manage to gain access to the decryption key, as that is usually well protected.

Rather, it seems that the exploit claims to worked via an unlocked Android phone, but Cellebrite has significantly altered its original blog on the matter, leading to question marks over the reliability of its original claim.

Indeed, some will ask why Cellebrite decided to publicly disclose “the issue” first, when it should have followed the responsible option and alerted Signal quietly that it had compromised its system.

Cellebrite was the firm that was reportedly hired by the FBI in 2016 to help access the locked iPhone belonging to the San Bernardino terriorist Syed Rizwan Farook.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Huawei Asks Judge To Dismiss Charges In US Federal Case

Huawei asks judge to dismiss many charges in US controversial federal case that dates back…

22 hours ago

Japan To Invest $65bn In Chip Industry

Japan announces $65bn in subsidies and other incentives to boost production of advanced chips and…

22 hours ago

FTX Sues Binance Over Alleged $1.8bn Fraud

Bankrupt FTX sues former rival Binance for allegedly fraudulent transfer of $1.8bn weeks before crypto…

22 hours ago

Amazon Developing Smart Glasses For Delivery Drivers

Amazon reportedly developing smart glasses to provide delivery drivers with step-by-step instructions for last mile…

23 hours ago

Australian States Support Social Media Ban For Under-16s

Australian states and territories unanimously support social media ban for youths under 16, amidst growing…

24 hours ago

US Orders TSMC To Halt AI Chip Sales To China

US Commerce Department orders Taiwan's TSMC to halt sales of advanced AI accelerators to mainland…

1 day ago