Despite claiming otherwise, the Israeli phone-hacking firm Cellebrite cannot hack into Signal, considered the world’s most secure encrypted communications platform, Signal’s founder said Wednesday.
Haaretz reported last week that Cellebrite claimed in a now-deleted blog post that its researchers had managed to break into the app. The news caused a stir online, with Signal founder Moxie Marlinspike and even NSA whistleblower Edward Snowden denying the claim.
“Not only can Cellebrite not break Signal encryption, but Cellebrite never even claimed to be able to,” Marlinspike wrote on the app’s website, in a blog post calling out the BBC and others for writing “clickbait” headlines.
Cellebrite offers law-enforcement agencies and other clients the ability to open phones already in their possession. According to Signal, “Cellebrite posted a pretty embarrassing [for them] technical article to their blog documenting the ‘advanced techniques’ they use to parse Signal on an Android device they physically have with the screen unlocked.”
Responding to a question about Cellebrite’s claims last week, Snowden tweeted: “No, Cellebrite cannot decrypt Signal communications. What they sell is a forensic device cops connect to insecure, unlockable phones to download a bunch of popular apps’ data more easily than doing it manually. They just added Signal to that app list. That’s it. There’s no magic.”
Cellebrite’s flagship product is the UFED (Universal Forensic Extraction Device), a system that allows authorities to unlock and access the data of any phone they have. Another product is the Physical Analyzer, which helps organize and process data lifted from the phone.
The company announced in a December 10 blog post – first deleted, then redacted – that the analyzer had been updated with a new capability, developed by the firm, that allows clients to decode information and data from Signal.
Signal, owned by the Signal Technology Foundation, uses a special, open-source encryption system called Signal Protocol, which makes it nigh-on impossible for a third party to break into a conversation or access data being shared on the platform. It does so by employing “end-to-end encryption.” It’s this latter aspect that both Signal and a cryptography expert who spoke with Haaretz say is impossible to hack.
“This is a situation where someone is holding an unlocked phone in their hands and could simply open the app to look at the messages in it,” Signal wrote, clarifying that the actual encryption was not broken; what was shown was only how to access the app and its files from an unlocked phone already in your possession.
“If you have your device, Cellebrite is not your concern,” Signal wrote. “It is important to understand that any story about Cellebrite Physical Analyzer starts with someone other than you physically holding your device, with the screen unlocked, in their hands. Cellebrite does not even try to intercept messages, voice/video, or live communication, much less ‘break the encryption’ of that communication. They don’t do live surveillance of any kind.”
Calling out media outlets for amplifying Cellebrite’s claim, Signal added: “It’s hard to know how a post like that got out the door or why anyone thought revealing such limited abilities was in their interest.”
A leading Israeli cryptographer who asked not to be identified reviewed Cellebrite’s blog post for Haaretz. “It seems that the attack [they did] was focused on them already having access to the device and reading a decryption key from it,” they said. They explained that this is a far cry from being able to hack the actual encryption and only allows them to read local files on the device, which, as noted, is already in their possession.
“I don’t think they meant to claim that Signal was in any way broken,” the cryptographer said. “The attack they claimed was known for many years, and they just automated some aspects of it.”
For example, they said that if the phone in their possession were unlocked but Signal were locked by a PIN code, they might be able to use an exploit to access the app. However, “If they actually managed to break the end-to-end encryption, it would be the end of cryptography as a field as we know it. And that is not the case.”