The company said it can access, export, and analyze data from phones that use the app. Analysts and experts are pretty sure that Signal remains a secure application.
The Israeli intelligence company Cellebrite posted an article on its blog claiming to have managed to decrypt messages and attachments with the encrypted messaging app Signal. However, the firm removed the post after Edward Snowden and other experts dismissed its claims.
The signal is an instant messaging and attachments application. It is open source and is mainly focused on privacy and security. This app enables users to send automatically encrypted text messages, documents, images, videos, and contact information, keeping them safe from third-party surveillance and intrusion.
In the publication, which remains on the internet, Cellebrite claimed that its universal forensic extraction device (UFED), allowed the decodification of information and data from Signal. The company provided a detailed explanation of how it “cracked the code,” for which it analyzed Signal’s open-source protocol and used it against it.
Cellebrite added that authorities are working hard to require developers of encrypted software to include a “back door” that allows them to access user data. The Israeli company also said that until these agreements are at work, the company will continue to collaborate with the police of the country and intelligence agencies to “allow them to decrypt and decode the data from the Signal application.”
What do privacy experts say?
One of the first to comment on the Cellebrite post was cybersecurity researcher Moxie Marlinspike, co-author of the protocol and CEO of Signal. For him, what the Israeli company is doing is extracting the messages from the devices they find unlocked, as he wrote in a tweet. Edward Snowden supports his theory.
“No, Cellebrite cannot decrypt Signal communications. What they sell is a forensic device for cops to connect to unsafe and unlockable phones to download a ton of data from popular apps in an easier way than doing it manually. They just added Signal to that app list. That’s it, there is no magic…” Said Snowden.
For his part, Etienne Maynier, a security researcher at Amnesty International, told Middle East Eye that Cellebrite has nothing new in its hands. As you have been doing, once the [UFED] tool has full access to the phone data, there is nothing technically preventing you from accessing the Signal data. This means that for it to have access to Signal data and run a forensic analysis, the Israeli company only needs to access the phones either through a password, a Touch ID, or facial recognition.
According to Maynier, there are two ways to get access to mobile devices. One is by applying pressure and forcing the user to provide the access password, or by using a technical approach that exploits the security problems that the device system has.
Spyware of care?
Founded in 1999, Cellebrite technology lives in more than 150 countries, including state security agencies and government intelligence or law enforcement agencies with doubtful and poor human rights records.
Among them are repressive countries like Venezuela, Belarus, and even Indonesia. The UEFD product allows them to extract SMS messages, call logs, Internet browsing histories, and data stored or deleted from phones, as a publication of the Haaretz medium points out.
By: Jenson Nuñez.
