this post was submitted on 20 Aug 2023
377 points (98.2% liked)
Technology
59285 readers
4621 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
My wife works an cellebritete. Its a device you connect to any phone and it gets evidence police is looking for. It can scan ANYTHING on the phone in seconds. This includes messages in applications, phone calls, images, appilcation data. Anything.
The smart thing about this is (if used under legal hands under a non corrupt government/entity) is it can be set up to only spit out relevant evidence by some search predicate / criteria and nothing else incriminating.
So for example if someone is arrested for kidnaping and they want to know if the suspect is really a kidnapper and maybe where the victim is it can spit out anything related to the case in question but nothing else incriminating on unrelated stuff.
It does this in under a set of rules admissible in court. IE the evidence cannot be tampered with (even by police) , it assures that the evidence is actually from that specific phone and wasnt touched and so on…
Yeah, but phones have encryption and security. In order to get access to the data on the phone, cellebrite is hacking the device to circumvent the security measures and break the encryption, which is illegal for any individual to do, and should also be illegal for a corporation to do (corporations are individuals, legally speaking).
Phone manufacturers do not want companies like cellebrite breaking into their devices because it can be used for nefarious purposes. If cellebrite can get in, any other hacker can get in. So, phone makers are always closing these security vulnerabilities where they can find them.
Cellebrite is (hopefully) used under the law. They either get warrant or use a perpetual warrant on urgent security stuff. At least in countries with proper laws and abiding police.
Hackers sure indeed can use the insecurities cellebrite is using. But cellebrite has massive amount of budget for finding insecurities which normal hackers / people lack.
Illegal to hack my own phone? Not even close
It’s like you’re trying to miss the point.
It’s a comment, not my opening arguments to the debate, it’s perfectly legal to “hack” things you own, especially your fucking phone which pokes a hole in your argument that therefore companies shouldn’t be able to either.
It’s illegal to break into other peoples stuff, not your own which is why these loopholes holes will always exist for “consumers” who wish to “get back into their own stuff”
How would making it illegal for companies to find security holes in other companies phones prevent cops from going to underground sources if what they’re doing now is so illegal?
Idk maybe I have missed your point, I really don’t see how the logic follows
I do agree it seems legal to hack the things you own. My comment has nothing to do with that, so your comment felt like a nonsequiter, or at best a straw man.
In this case, cellebrite is not hacking things it owns. It is hacking things other people own. It is bizarre to me how this is legal given the laws against it that individuals have been prosecuted with. Also, doing security research to find vulnerabilities usually results in disclosing those vulnerabilities to the software producer. In this case, cellebrite is not doing that because it would not like to see those vulnerabilities patched.
Cellebrite not disclosing the vulnerabilities isn’t very “nice” but it’s not the law. I’m definitely not arguing for this company being ethical in any way. They’re also not the one hacking other peoples devices. They just make the device that is capable of doing so.
Forgive the analogy, but they’re basically making guns. Now whether or not we should allow anyone to make weapons that could impact others is another question we’ve not had sufficient time to discuss legally yet. Mostly because the govt in my country is old as shit and mostly clueless about tech
They do hack the devices though. https://9to5mac.com/2022/02/10/cellebrite-kit-cant-unlock-iphones/
To follow your gun analogy, it’s like “we won’t sell you this special gun, but for a fee we can be your hit man.”
Oh…
Yeah that’s not so great and should definitely be handled. How do they know for example that you’re with the police for sure or not etc etc
The question is which devices it works on. Probably mostly older ones, but I wouldn't be surprised if they invest heavily into zero day research and can do some stuff with newer ones as well.
I wrote with 100% confidence: all of them. This is what they are a zero day warehouse company and trader.
It's true, my uncle's cousin works for Cellebrite and says they can even hack into our brains
I trust you, bro