Israeli digital intelligence company Cellebrite said last week in a blog post that it could hack application end-to-end exchange of encrypted “Signal” messages installed on mobile phones, and access data users, with the Universal Forensic Extract Device (UFED) product.
The post was deleted and technology experts quickly ruled out the company's allegations. In particular, they say that the mobile phones of journalists and human rights activists are not in danger of being violated while using Signal.
Across the Middle East and elsewhere, governments have used technology - often developed in Ισραήλ - to hack phones through messaging apps.
While Facebook, WhatsApp and Skype use Signal code to encrypt their users' messages, Signal's application is known for its powerful encryption, which adds an extra layer of security by encrypting the files and attachments they send. the users. In this way it ensures users security from third party software.
Amnesty International security researcher Etienne Maynier told MEE that Cellebrite technology is not "innovative". In order for the Israeli company to access data and perform forensic analysis, it needs full access to a mobile phone, via password, touch ID or face recognition. This could be achieved in two ways: legally, by law enforcement requiring the user to provide the password, or by a technical approach that exploits security vulnerabilities in a device's system.
In addition, Maynier pointed out that once a Cellebrite product has full access to a phone's data, there is nothing to technically prevent it from accessing Signal data. Maynier added that anyone who has access to an "unlocked" telephone device will then have access to Signal data and possibly other applications installed on the device.
Maynier stressed that Signal guarantees security when communicating through end-to-end encryption, but explained that the security of data on a phone depends on the security of the system itself.
Founded in 1999, Cellebrite technology is used in 154 countries, with the company saying it has "made it possible to convict more than five million serious crimes, including murder, rape, human trafficking and pedophilia".
The Cellebrite UFED is a device in shape tablet, connected to a phone to access its data. It is already used by the FBI and other US police services.
Eight U.S. public schools also purchased "forensic tools" from Cellebrite last week to access their students' phone data, according to Apple Insider.
UEFD can "pull" SMS messages, call logs, browsing history in Internet and deleted data from telephones.
According to the Middle East Eye, in January 2017, the data stolen by the Israeli company was sold to Turkey, Saudi Arabia and the United Arab Emirates, countries known for, among other things, imprisoning journalists and activists. It has also sold its products to oppressive countries such as Venezuela, Belarus and Indonesia. In October, it stopped selling information technology to China and the Hong Kong administration, following international criticism.
Maynier stressed that Cellebrite must take due care of human rights to ensure that their products are not used for infringement their.
Researcher Richi Jennings conducted an in-depth study analysis, which states that Cellebrite did not actually manage to "break" the Signal, but to retrieve the messages from mobile phones, to which there was physical access and knew the unlock password.
It is worth noting that many Israeli companies, whose founders and employees come from the intelligence and defense industries, have developed technologies to crack down on and spy on cell phones. Indicatively, Israel's largest monitoring company, NSO Group, sold the software Pegasus spying on several repressive Arab governments, such as Saudi Arabia, the United Arab Emirates and Morocco, which used it to spy on journalists and activists.