Fri. May 7, 2021 | By Thomas Brewster – Forbes |
If the police get hold of a smartphone and they have a warrant to search it, they’ll often turn to a tool from Israeli company Cellebrite that can hack into it and download the data within. But on Friday a security researcher is releasing an app that he says can detect when a Cellebrite is about to raid the device, turn the phone off and wipe it.
It could prove to be a controversial release, given that criminals could use it to erase evidence. But Matt Bergin, the researcher at security company KoreLogic who created the tool, says Cellebrite could easily update its phone-hacking tech to stop his app—dubbed LockUp—from working. And he hopes his work, which also included finding now-patched security weaknesses in the Cellebrite, will bring to light the need for more tests on police forensics tools to ensure they’re secure and able to detect evidence tampering.
“My goal is not to arm criminals. It’s more to educate the general public and make it aware that we need policy changes to address these issues,” Bergin added. “I hope we see changes in policy that require the types of testing that I do.”
Bergin was able to carry out his research on a two-year-old Cellebrite Universal Forensic Extraction Device (UFED) acquired from eBay, a place where the tech, supposedly only to be used by police, has been spotted on sale before. He found a handful of security issues. First, he found a problem with the way in which Cellebrite handled its encryption keys. One of those keys—an authentication key—was supposed to guarantee that the Cellebrite device was the only one to carry out a forensic search on a phone, but they were the same for every unique Cellebrite system. “The problem with that is now, when evidence collected by the UFED is being introduced in the courts, you can’t really say that it was the Cellebrite itself that did the collecting of the content,” Bergin explained. He also found keys that let him pull all the code used to exploit vulnerabilities in Android, all of which appeared to have been fixed on Google’s operating system…
Read more here
