Could Cellebrite be a short opportunity?
Cellebrite is an Israel company that produces forensic software, "the global leader in Digital Intelligence (“DI”) solutions for the public and private sectors". They will merge with a SPAC TWCT, to became a publicly listed company on NASDAQ with ticker CLBT. More on that on their IR page.
The SoftwareCellebrite software is used in forensic analysis. When police (or the equivalent of authoritarian regimes that are in their customer list) want to inspect an Android or iOS phone, plug the device, unlock it, and then can use this software to retrieve and analyze the data on device.
Casus BelliOn December BBC run the untrue headline "Cellebrite claimed to have cracked chat app’s encryption". That was untrue, because Cellebrite just retrieve data from unlocked device storage. More on that on the Signal blog
Ok, now the juicy part…yesterday, Signal published a blog post where they reveal how they reverse hacked Cellebrite poor security. Summarized, they found a way to execute code on the machine that runs Cellebrite by putting a malicious file on the device. They found A LOT of vulnerabilities that can be exploited to hack the computer. They stated that this could exfiltrate data, or change data extracted by that computer from the analyzed device or the devices that will be analyzed in the future. That could mean reasonable doubt for trials with evidences extracted with this software.
Copiright infringement?Cellebrite software also incorporate and redistribute Apple DLLs, and seems unlikely that Apple licensed them to do so, and this could present a legal risk for Cellebrite and its users.
Dulcis in fundoSignal also declared that they will put "files" on devices storage. Not for signal use, but for aesthetics reasons. And sounds like a threat.Go see Signal blog post, it is worth even if you aren’t a security expert https://signal.org/blog/cellebrite-vulnerabilities/
And as papa Elon said, "Use Signal"
via r/wallstreetbets https://ift.tt/3qhG8Zq
April 22, 2021 at 07:40AM