Signal CEO attacks hacking tool Cellebrite, claims to have hacked into it

It's a tale that could have been pulled from a piece of '90s science fiction: the CEO of private messaging app Signal claims to have hacked Cellebrite, a hacking service often used by police in the UK and US.

Moxie Marlinspike, who founded Signal in 2013, published a lengthy blog post about the move this week and included a video that edited his hack into a scene from the 1995 film Hackers.

Cellebrite creates tools that extract private data from mobile phones; authorities often use them to pull information from seized devices.

The Israeli company has drawn controversy for allegedly selling its tools not just to authorities in the West, but also to authoritarian regimes such as those in Russia, China and Myanmar.

Calling itself a "digital forensics" company, Cellebrite works mostly by finding hidden vulnerabilities in devices and then exploiting them - which is exactly what Marlinspike claims to have done, turning the tables and hacking the hackers.

Those vulnerabilities apparently make it easy to plant code on a phone that would take over Cellebrite's hardware if that hardware was used to scan the device. This would not only silently affect all future investigations, but could also rewrite and falsify the data the Cellebrite tools had taken in previous hacks.

"We were surprised to find that very little care seems to have been given to Cellebrite's own software security. Industry-standard exploit mitigation defences are missing, and many opportunities for exploitation are present," Marlinspike wrote.

"We are of course willing to responsibly disclose the specific vulnerabilities we know about to Cellebrite if they do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future."

In a tweet on his personal account, Marlinspike says his hack of Cellebrite came after the company announced it would begin taking data from Signal accounts after cracking the app's encryption.

He also claims to have found a Cellebrite package containing hardware and software that fell off a truck in front of him on the street - an apparent joke.

The blog goes on to claim - with screenshots as evidence - that Cellebrite software contains code that is intellectual property belonging to Apple.

"It seems unlikely to us that Apple has granted Cellebrite a license to redistribute and incorporate Apple DLLs (dynamic linked libraries) in its own product, so this might present a legal risk for Cellebrite and its users."

In a statement to media, Cellebrite denied empowering oppressive regimes, but did not deny the existence of the vulnerabilities Marlinspike exposed.

"Cellebrite enables customers to protect and save lives, accelerate justice and preserve privacy in legally sanctioned investigations. We have strict licensing policies that govern how customers are permitted to use our technology and do not sell to countries under sanction by the US, Israel or the broader international community," the statement reads.

"Cellebrite is committed to protecting the integrity of our customers' data, and we continually audit and update our software in order to equip our customers with the best digital intelligence solutions available."