Israeli hacking firm says it can break into Signal
An Israeli technology firm accused for enabling authoritarian regimes to snoop on online communications has announced that it can hack into the encrypted messaging app Signal, previously deemed as secure by journalists, activists and rights workers in the regime.
Cellebrite previously developed the Universal Forensic Extraction Device (UFED), which allows regimes to unlock and retrieve data from any smartphone they find or seize.
Another of Cellebrite's products is the Physical Analyzer, which assists the processing of data from phones.
The company announced last week that a new update to the Physical Analyzer would allow Cellebrite's clients to decode data from Signal, a messaging app often used by activists and known as a safe method of communication, the Israeli newspaper Haaretz reported on Monday.
Cellebrite has come under fire for selling its products to countries with poor human rights records including Saudi Arabia, Indonesia, Venezuela, and Belarus. It previously provided services to China as well, but stopped following the repression of anti-government protests in Hong Kong.
Last September, Haaretz revealed that Cellebrite had sent an employee to Saudi Arabia to hack into a phone held by the Saudi justice ministry.
The Signal app which Cellebrite now says it can hack, uses an encryption system called Signal Protocol, which was thought to make if virtually impossible for any third party to spy on messages or data shared via the app.
A post on Cellebrite's blog claimed that "criminals" were using Signal to communicate to one another and that its Physical Analyzer programme "now allows lawful access to Signal app data".
"At Cellebrite, we work tirelessly to empower investigators in the public and private sector to find new ways to accelerate justice, protect communities, and save lives," the company claimed.
Haaretz reported that an earlier version of the post had said "Decrypting Signal messages and attachments was not an easy task. It required extensive research on many different fronts to create new capabilities from scratch," and provided a detailed explanation of how Cellebrite cracked Signal's code.
Haaretz said that an Israeli human rights lawyer, Eitay Mack, has recently launched a legal campaign against Cellebrite, attempting to limit its ability to provide software to authoritarian regimes.
Mack is trying to force the Israeli government to regulate sales of Cellebrite's hacking software in the same way the government regulates the sale of weapons.
Signal has been downloaded over a million times since May, with demand for it increasing since the coronavirus pandemic began, Haaretz reported.
Facebook, Skype, and Whatsapp have also adopted the Signal Protocol encryption code in order to protect user data.