Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective
Cellebrite makes software to automate physically extracting and indexing data from mobile devices. They exist within the grey – where enterprise branding joins together with the larcenous to be called “digital intelligence.” Their customer list has included authoritarian regimes in Belarus, Ru...
Hasnain says:
The best defense is offense. This is amazing, from the discovery to the many clap backs here. Masterfully played too, with the bugs found, the exploits they’re going to “innocently” place, and also for highlighting violations of apple’s terms of service and putting the legality of evidence gathered this way into question.
“We are of course willing to responsibly disclose the specific vulnerabilities we know about to Cellebrite if they do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future.”
Posted on 2021-04-22T07:00:39+0000