Buongiorno, Una borsa cade da un furgone proprio nelle mani di quello che ce l'ha a morte con Cellebrite per quello che fanno, anche con i dati (locali ovviamente) di Signal... guarda a volte le coincidenze eh! :-D Dopo una cosa del genere in un mondo normale l'azienda dovrebbe fallire nel giro di tre giorni... io invece scommetto un caffè che continuerà a fare un sacco di affari. Alberto Cammozzo via nexa <nexa@server-nexa.polito.it> writes:
<https://arstechnica.com/information-technology/2021/04/in-epic-hack-signal-d...>
For years, Israeli digital forensics firm Cellebrite has helped governments and police around the world break into confiscated mobile phones, mostly by exploiting vulnerabilities that went overlooked by device manufacturers. Now, Moxie Marlinspike—creator of the Signal messaging app—has turned the tables on Cellebrite.
On Wednesday, Marlinspike published a post that reported vulnerabilities in Cellebrite software
Credetemi, vale la pena di leggere anche il post su Signal: https://signal.org/blog/cellebrite-vulnerabilities/ --8<---------------cut here---------------start------------->8--- Cellebrite makes software to automate physically extracting and indexing data from mobile devices. They exist within the grey – where enterprise branding joins together with the larcenous to be called “digital intelligence.” Their customer list has included authoritarian regimes in Belarus, Russia, Venezuela, and China; death squads in Bangladesh; military juntas in Myanmar; and those seeking to abuse and oppress in Turkey, UAE, and elsewhere. A few months ago, they announced that they added Signal support to their software. Their products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works. Let’s take a closer look. In particular, their software is often associated with bypassing security, so let’s take some time to examine the security of their own software. --8<---------------cut here---------------end--------------->8--- [...]
“We are of course willing to responsibly disclose the specific vulnerabilities we know about to Cellebrite if they do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future,”
Standing ovation di 3 ore! Saluti, Giovanni -- Giovanni Biscuolo Noi, incompetenti come siamo, non abbiamo alcun titolo per suggerire alcunché.