The Cellebrite Physical Analyzer – the most intrusive phone-cracking tool offered by the company – no longer supports the direct extraction of iPhone data, according to a document shared with us. This follows the discovery and exploitation of a vulnerability by secure messaging app Signal.

Signal discovered multiple security vulnerabilities in Cellebrite’s software, and was able to find a way to booby-trap iPhones to corrupt the results of a scan using Physical Analyzer …

Background

Cellebrite offers hardware and software designed to allow users to break into smartphones, and extract data from them. The company’s products are used by law enforcement agencies around the world, including those in some unsavory nation states likely to be using them to crack down on political dissidents.

Signal managed to get its hands on the software suite, including the Physical Analyzer module, which offers the deepest dive into the data stored on a smartphone. The messaging company carried out its own analysis of the software, finding a surprising number of security vulnerabilities.

It was able to exploit one of these to allow any iPhone to corrupt the data on any machine running the software. This would not only render useless the scan of the connected iPhone, but also corrupt the results of both past and future scans using the same machine.

All that was required, Signal said in a blog post, was to place a carefully crafted file onto the device. The post said that the company was now doing this for all Signal users. Indeed, even some non-Signal users chose to install the app simply to get this protection.

The company chose an ironic tone in making this announcement.

In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software. 

Cellebrite Physical Analyzer announcement

Cellebrite responded by updating its software to close some of the security holes. However, it appears that it was unable to protect against the method Signal was using to corrupt the Physical Analyzer software, as it told users that the app no longer allows data extraction from iPhones using this software.

This message is to inform you that we have new product updates available for the following solutions:

Cellebrite UFED v7.44.0.205
Cellebrite Physical Analyzer v7.44.2
Cellebrite UFED Cloud v7.44.2

Cellebrite UFED 7.44.0.205 and Cellebrite Physical Analyzer 7.44.2 have been released to address a recently identified security vulnerability. This security patch strengthens the protection of the solutions.

As part of the update, the Advanced Logical iOS extraction flow is now available in Cellebrite UFED only.

However, the company says there is no significant user impact, as the UFED app can be used to extract the data and then pass it to Physical Analyzer for analysis.

This piece was updated following clarification by Cellebrite.

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author

Ben Lovejoy's favorite gear