Ok, so cops have this tool called Cellebrite they use to automate collecting data off of cell phones that they physically possess and that are unlocked.

Turns out, Cellebrite has shite security, which means that you can drop an otherwise-inert file somewhere in your phone's system that, if scanned, will inject itself and allow arbitrary code execution on their Cellebrite device. I.e., you can make their hardware do literally anything you want, including compromising any data the device collects.

And in what they describe as unrelated news, Signal will start occasionally and randomly stashing some inert files in installations on established accounts.

https://signal.org/blog/cellebrite-vulnerabilities/

(via @h3artbl33d but I wanted to add my own explanation)

@starkatt the fuckin video demonstration is what gets me

moxie may be a bastard, but that was good

@starkatt

Wow, that's nice! Thanks for sharing!

@starkatt Know where one might be able to acquire such a file deliberately?

@starkatt lmfao "In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files [...] never interact with Signal software or data, but they look nice, and aesthetics are important in software. [...] We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files."

@starkatt "We are of course willing to responsibly disclose the specific vulnerabilities we know about to Cellebrite if they do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future." 🔥 🔥 🔥