22 April 2021

Ethical Hacking: All The Data You Can Extract....Let's Call This One An EPIC HACK

In way over-my-head, but here is a Bombshell from Ars Technical yesterday:
HACKING THE HACKERS —
"For years, Israeli digital forensics firm Cellebrite has helped governments and police around the world break into confiscated mobile phones, mostly by exploiting vulnerabilities that went overlooked by device manufacturers.
Now, Moxie Marlinspike—creator of the Signal messaging app—has turned the tables on Cellebrite.
In epic hack, Signal developer turns the tables on forensics firm Cellebrite

In epic hack, Signal developer turns the tables on forensics firm Cellebrite

Widely used forensic software can be exploited to infect investigators' computers.

More
"Wednesday, Marlinspike published a post that reported vulnerabilities in Cellebrite software that allowed him to execute malicious code on the Windows computer used to analyze devices. The researcher and software engineer exploited the vulnerabilities by loading specially formatted files that can be embedded into any app installed on the device.

Virtually no limits

“There are virtually no limits on the code that can be executed,” Marlinspike wrote.

He continued:

For example, by including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures. This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question.

. . . Marlinspike included a video that shows UFED as it parses a file he formatted to execute arbitrary code on the Windows device. The payload uses the MessageBox Windows API to display a benign message, but Marlinspike said that “it’s possible to execute any code, and a real exploit payload would likely seek to undetectably alter previous reports, compromise the integrity of future reports (perhaps at random!), or exfiltrate data from the Cellebrite machine.”

. . .Marlinspike said he obtained the Cellebrite gear in a “truly unbelievable coincidence” as he was walking and “saw a small package fall off a truck ahead of me.” The incident does seem truly unbelievable. Marlinspike declined to provide additional details about precisely how he came into possession of the Cellebrite tools. . .

The vulnerabilities could provide fodder for defense attorneys to challenge the integrity of forensic reports generated using the Cellebrite software. Cellebrite representatives didn’t respond to an email asking if they were aware of the vulnerabilities or had plans to fix them. . ."

 

No comments:

Happy Holidays! From the Mesa Chamber of Commerce

  Click above to watch our holiday video! HOLIDAY HOURS In observance of the holidays, our office will be closed on Tuesday and Wednesday, D...