Signal criticises Cellebrite over flaws in security software

Signal has criticised the cybersecurity firm Cellebrite over the security of its software, saying that it could be “easily hacked.”

The encrypted messaging service said that it had discovered flaws in the technology, despite Cellebrite claiming that it had “cracked” Signal’s secure messaging last year.

The two organisations have reportedly been involved in a conflict ever since. 

Most recently, Signal’s Chief Executive Officer, Moxie Marlinspike, quipped that he had found Cellebrite’s system after “it fell off a truck” in front of him.  

He said: "By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me.

"Inside, we found the latest versions of the Cellebrite software, a hardware dongle designed to prevent piracy... and a bizarrely large number of cable adapters."

He also added that the software was “so flawed, he could easily hack into it.”

In response to Marlinspike’s claims, Cellebrite said in a statement: “We constantly strive to ensure that our products and software meet and exceed the highest standards in the industry so that all data produced with our tools is validated and forensically sound."

The feud began in December last year, causing Signal to publish a blog post on Twitter detailing the claimed issues with Cellebrite’s security. 

In the tweet above the post, Signal said: “Our latest blog post explores vulnerabilities and possible Apple copyright violations in Cellebrite's software.”

Cellebrite said in defense that it "understands that research is the cornerstone of ensuring this validation, making sure that lawfully obtained digital evidence is utilised to pursue justice".

Cellebrite concluded that it “will continue to integrate these standards” into not only their products, but their software and the Cellebrite team as a whole. 

Doing so aims to allow them to “deliver the most effective, secure and user-friendly tools” for their customers.