Cellebrite, the machine used to take data from your iPhone, is taking software from Apple

The Signal blog has a post which details security vulnerabilities in a Cellebrite device. Among the details they noticed? Cellebrite is using DLLs that are distributed with iTunes for Windows.

“Also of interest, the installer for Physical Analyzer contains two bundled MSI installer packages named AppleApplicationsSupport64.msi and AppleMobileDeviceSupport6464.msi. These two MSI packages are digitally signed by Apple and appear to have been extracted from the Windows installer for iTunes version 12.9.0.167.”

MSI packages

“…It seems unlikely to us that Apple has granted Cellebrite a license to redistribute and incorporate Apple DLLs in its own product, so this might present a legal risk for Cellebrite and its users.”

… You think? I have reached out to Apple for comment, and will update if they respond.

Interesting point number 2

The beginning of the signal blog contends they found the cellebrite off the back of a truck, and have photos of it laying on the ground.

“By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me. As I got closer, the dull enterprise typeface slowly came into focus: Cellebrite. Inside, we found the latest versions of the Cellebrite software, a hardware dongle designed to prevent piracy (tells you something about their customers I guess!), and a bizarrely large number of cable adapters.”

Cellebrite case on side of road.

At the end of the piece, Moxie (the author of the post at Signal) writes:

“In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software.”

‘It fell off a truck’ and after looking at it, ‘we’re including some pretty files that won’t do anything inside signal.’ Given that Cellebrite executes all kinds of things, seems like Signal came up with an exploit against Cellebrite’s hardware.

Leave a Reply

Your email address will not be published. Required fields are marked *