Mr_Rose83 (Blue Ridge Protects the Holy)
Any word on how/if this affects Exchange Online/Outlook.com?
My understanding is that it only affects self hosted exchange with OWA enabled, and not cloud or hybrid exchange. It was a vulnerability in the self hosted OWA site.
Stragint (Do Not Gift, Always Declines)
Is Malwarebytes still a good option to use? I just uninstalled McAfee because it was being really garbage and not letting me do stuff. I still have Microsoft Security as well.
McAfee showed there were 2 trojans from past scans but I couldn't look further into it, so yeah, done with that program.
PSN: Reaper_Stragint, Steam: DoublePitstoChesty
What is the point of being alive if you don't at least try to do something remarkable? ~ Mario Novak
I never fear death or dyin', I only fear never trying.
Shadowfire (Vermont, in the middle of nowhere)
Malwarebytes is still great, yes. Defender is all you really need unless you're into the shady bits of the internet, but having MBAM on standby is nice.
The problem I have with Malwarebytes is it tries to be a full-blown AV now and I only want it to care about malware.
Shadowfire (Vermont, in the middle of nowhere)
Understandable. But it's done a better job blocking rogue websites and finding legit malware than most other antivirus I've used, which... I guess says something about those AV programs.
Inquisitor77 (2x Penny Arcade Fight Club Champion; A fixed point in space and time)
To their credit, Malwarebytes works really hard to avoid compatibility issues with other major endpoint providers. They still position themselves as a supplementary product rather than trying to do things like control your firewall settings and the like. And their free on-demand scanner is still among the best in the business.
The exposed data includes personal information of over 533 million Facebook users from 106 countries, including over 32 million records on users in the US, 11 million on users in the UK, and 6 million on users in India. It includes their phone numbers, Facebook IDs, full names, locations, birthdates, bios, and — in some cases — email addresses.
Back in December Cellebrite - the company behind many cops' favorite questionably ethical hacking tools - made claims about how they're able to crack the encryption on Signal, a secure messaging app.
This claim kind of pissed off Signal's creator, because he responded by cracking the Cellebrite software...
And learning that the whole thing is so insecure that not only are basic security procedures not in place, but you can even execute arbitrary code simply by adding files to the apps that Cellebrite scans.
Additionally, he found copyrighted Apple code in the installer for the Cellebrite software, which he hypothesizes is probably not used with Apple's permission since Apple historically has not enjoyed Cellebrite's claims that they can break into iOS devices.
Since almost all of Cellebrite’s code exists to parse untrusted input that could be formatted in an unexpected way to exploit memory corruption or other vulnerabilities in the parsing software, one might expect Cellebrite to have been extremely cautious. Looking at both UFED and Physical Analyzer, though, we were surprised to find that very little care seems to have been given to Cellebrite’s own software security. Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present.
As just one example (unrelated to what follows), their software bundles FFmpeg DLLs that were built in 2012 and have not been updated since then. There have been over a hundred security updates in that time, none of which have been applied.
...
Given the number of opportunities present, we found that it’s possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned. There are virtually no limits on the code that can be executed.
For example, by including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures. This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question.
...
Also of interest, the installer for Physical Analyzer contains two bundled MSI installer packages named AppleApplicationsSupport64.msi and AppleMobileDeviceSupport6464.msi. These two MSI packages are digitally signed by Apple and appear to have been extracted from the Windows installer for iTunes version 12.9.0.167.
The Physical Analyzer setup program installs these MSI packages in C:\Program Files\Common Files\Apple. They contain DLLs implementing functionality that iTunes uses to interact with iOS devices.
The Cellebrite iOS Advanced Logical tool loads these Apple DLLs and uses their functionality to extract data from iOS mobile devices. The screenshot below shows that the Apple DLLs are loaded in the UFED iPhone Logical.exe process, which is the process name of the iOS Advanced Logical tool.
It seems unlikely to us that Apple has granted Cellebrite a license to redistribute and incorporate Apple DLLs in its own product, so this might present a legal risk for Cellebrite and its users.
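The two concrete findings in the quoted excerpt, missing exploit mitigations and bundled DLLs built in 2012, are both visible in a module's PE headers, so they are cheap to check on any vendor tool you are asked to trust. The following is an added example written for this page, not code from Signal's post or from Cellebrite: it reads the COFF TimeDateStamp and the optional header's DllCharacteristics flags (the ASLR, DEP and CFG opt-ins) from a PE image. The two sample headers are constructed inline as stand-ins (a 2012 build with no opt-ins and a recent hardened build); the function and constant names are my own.

```python
import struct
from datetime import datetime, timezone

# IMAGE_DLLCHARACTERISTICS_* bits from the PE/COFF specification.
HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR over the full address space
DYNAMIC_BASE = 0x0040     # image may be relocated (ASLR opt-in)
NX_COMPAT = 0x0100        # DEP/NX compatible
GUARD_CF = 0x4000         # Control Flow Guard instrumented


def inspect_pe(data: bytes) -> dict:
    """Read the COFF TimeDateStamp and DllCharacteristics from a PE image.

    Only the headers are parsed, so a truncated copy of the DLL is enough.
    """
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    # IMAGE_FILE_HEADER: Machine, NumberOfSections, TimeDateStamp,
    # PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _nsec, stamp, _symtab, _nsyms, opt_size, _chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 72:
        raise ValueError("optional header too short to hold DllCharacteristics")
    (magic,) = struct.unpack_from("<H", data, opt)
    # DllCharacteristics is at offset 70 in both PE32 (0x10B) and PE32+ (0x20B).
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    built = datetime.fromtimestamp(stamp, tz=timezone.utc)
    return {
        "machine": hex(machine),
        "pe32plus": magic == 0x20B,
        "build_date": built.date().isoformat(),
        "aslr": bool(dll_chars & DYNAMIC_BASE),
        "high_entropy_va": bool(dll_chars & HIGH_ENTROPY_VA),
        "dep": bool(dll_chars & NX_COMPAT),
        "cfg": bool(dll_chars & GUARD_CF),
    }


def missing_mitigations(info: dict) -> list:
    """Names of the opt-in mitigations the module was linked without."""
    wanted = ["aslr", "dep", "cfg"]
    if info["pe32plus"]:           # high-entropy VA only applies to 64-bit images
        wanted.append("high_entropy_va")
    return [name for name in wanted if not info[name]]


def make_pe_header(timestamp: int, dll_characteristics: int, pe32plus: bool = True) -> bytes:
    """Constructed, non-loadable PE header used as sample input (headers only)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 240 if pe32plus else 224
    coff = struct.pack("<HHIIIHH", 0x8664 if pe32plus else 0x14C, 0, timestamp,
                       0, 0, opt_size, 0x2022)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_characteristics)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def _utc_stamp(year: int, month: int, day: int) -> int:
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp())


# Constructed samples: a 2012 build with no opt-ins, and a recent hardened build.
STALE_DLL = make_pe_header(_utc_stamp(2012, 6, 1), 0)
HARDENED_DLL = make_pe_header(_utc_stamp(2021, 4, 1),
                              HIGH_ENTROPY_VA | DYNAMIC_BASE | NX_COMPAT | GUARD_CF)

if __name__ == "__main__":
    import sys
    targets = []
    for path in sys.argv[1:]:                 # real DLLs given on the command line
        with open(path, "rb") as fh:
            targets.append((path, fh.read(65536)))
    if not targets:                           # otherwise run on the constructed samples
        targets = [("stale-sample", STALE_DLL), ("hardened-sample", HARDENED_DLL)]
    for label, blob in targets:
        info = inspect_pe(blob)
        print(f"{label}: built {info['build_date']}, missing {missing_mitigations(info)}")
```

Run it against a directory of a product's DLLs to get a quick triage list. Two caveats a reviewer should keep in mind: a linker producing reproducible builds (MSVC `/Brepro`) writes a content hash into TimeDateStamp rather than a time, so an absurd date means "check the version resource" rather than "ancient build"; and DllCharacteristics only records what the module opted into, not whether the process that loads it has those mitigations enforced by policy.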
Shadowfire (Vermont, in the middle of nowhere)
By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me. As I got closer, the dull enterprise typeface slowly came into focus: Cellebrite. Inside, we found the latest versions of the Cellebrite software, a hardware dongle designed to prevent piracy (tells you something about their customers I guess!), and a bizarrely large number of cable adapters.
"It fell off the back of a truck" is a real *chef kiss* on this article.
They basically killed Cellebrite, made any use of it in the past basically attackable by a lawyer, and also pretty much made it clear that any phone using Signal will not be friendly to Cellebrite hacking attempts.
edit: and, of course, the legal thing.
including apple dlls in your code without being allowed to, when apple is fighting cellebrite anyways?
a few lawyers' jobs at apple just got a lot easier
Cellebrite DI Ltd, a digital intelligence company, said on Thursday it has agreed to go public through a merger with a blank-check firm, valuing the equity of the combined company at around $2.4 billion.
The deal is expected to provide the merged entity with gross cash proceeds of $480 million, including private investments from fund groups such as Light Street Capital, Makena Capital and Axon Enterprise Inc.
Founded in 1999, the Israel-based firm provides digital intelligence to public and private sector firms conducting investigations, helping them convict civil and criminal offenders.
Special purpose acquisition companies, or SPACs, are shell companies that raise funds through an initial public offering to take a private company public through a merger at a later date.
Cellebrite will merge with the SPAC TWC Tech Holdings II and begin trading on the Nasdaq after the merger under the new ticker symbol “CLBT”.
J.P. Morgan Securities LLC is serving as financial adviser to Cellebrite, while BofA Securities is the capital markets adviser to TWC Tech Holdings.
The completely unrelated
In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software. Files will only be returned for accounts that have been active installs for some time already, and only probabilistically in low percentages based on phone number sharding. We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files.
Gotta love those aesthetically pleasing files that are definitely not being moved around strictly to fuck with Cellebrite!
The best part is that he never has to actually put any files out at all. The threat does 90% of the work.
The fact that it only happens on well established accounts and based on phone number of the device/account means he is going to use it for legit users so they can't just download the app and figure out how to get around the problem in a week.
not a doctor, not a lawyer, examples I use may not be fully researched so don't take out of context plz, don't @ me
Ooh darn, I have Signal installed - have had for years over maybe three phones? - but never actually set up an account due to nobody else I know using the thing.
Can someone walk me through what all this means? Cellebrite is a security company/app that is using Apple code illegally and does something with signal? I am lost.
Gamertag: KL Retribution
PSN:Furlion
Orca (Also known as EspressosaurusWrex)
Cellebrite is a security company that breaks on-phone security measures so that police and others can unlock phones in their possession and obtain information from said phones
At some point they included the ability to pull data from Signal
Signal dev(s) decided "fuck that noise" and started looking into how Cellebrite breaks into phones
Part of how they break in includes redistribution of Apple-copyrighted DLLs that they are not legally allowed to redistribute
Cellebrite's intrusion software includes a large number of vulnerabilities
Signal dev announced they are going to start including files that will fuck up the chain of custody for computers using Cellebrite if they use it to grab files from Signal on phones they're unlocking
tl;dr: Signal dev basically declared open season on Cellebrite.
To be clear on the last bullet, they intimated that they could do that but in reality they most certainly will not be including any files that would exploit any of the Cellebrite vulns. That path ends in multiple felonies and every app store dropping you.
Now periodically releasing non-coordinated disclosure reports that include full PoCs (proof of concept) for these vulns, that I could see.
Would that actually result in felonies though? They aren't actually doing anything, Cellebrite is the one activating and running code. If they're dumb enough to execute files during their hacking attempts, what legal liability would Signal have there if it wrecked the device running the hack.
It's a third party accessing and running their program without express permission in a manner other than it was designed and intended. I don't see how that holds up in court.
Almost certainly yes. We're not talking about an rm -rf script that an operator stupidly ran; purposefully exploiting a vuln beyond what is required to prove the vuln's existence is going to cause you legal issues. Doing it to interfere with a law enforcement investigation is going to get every DA in the country to perk up in anticipation. Doing it from your encrypted messaging app is going to get the intelligence agencies to pop some corks because for all of Cellebrite's posturing they can only access Signal data that's already at rest on an endpoint, not in transit.
Edit: Cellebrite is run by law enforcement searching a phone; if that search is illegal then the proper course of action is through the courts. Using an RCE vuln to damage or degrade someone else's system will 100% of the time leave you legally liable.
This feels less like leaving a beartrap in your kitchen to deter burglars and more like leaving a hammer lying on your counter and the burglar beating themselves over the head with it.
Just remember that half the people you meet are below average intelligence.
I think people are focusing on the wrong part. There are three parts to an exploit.
Vulnerability - defect in software
Exploit - piece of code that exercises the vulnerability
Payload - what the exploit ultimately delivers/runs.
Exploits are often complex while a payload is usually something simple like a shell that allows access to a system (generalizing here) or some second stage for malware.
Cellebrite has a parser defect (vuln); it might get triggered regularly because files are stupid and weird but most of those are going to simply result in a crash. Signal found a way to reliably trigger (exploit) it that allows them to run code, which makes it a remote code execution (RCE) vulnerability. They use the RCE exploit to drop a shell (payload) which then allows them to muck about on the system as if they were sitting at the keyboard; that's how they're messing with reports.
More simply the exploit allows access, what happens with that access is up to whoever is running the exploit.
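The report-tampering claim in the quoted Signal post (modifying past and future reports "with no detectable timestamp changes or checksum failures") follows directly from the post above: once the payload runs with the examiner's privileges, any checksum stored next to the report on the same machine can simply be recomputed. The example below is added here to show what does and does not survive that; it is not Cellebrite's or Signal's code, the report contents are constructed stand-ins, and the function names are my own. It builds a hash-chain manifest over the reports and shows that the only check which still fails after a regenerate-everything attack is the comparison against a chain head that was exported off the workstation at acquisition time.

```python
import hashlib

GENESIS = "0" * 64  # chain head for a workstation with no prior reports


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _link(prev_head: str, name: str, digest: str) -> str:
    # Every link commits to the previous head, so editing an earlier entry
    # changes every head after it, including the final one.
    return sha256_hex(f"{prev_head}|{name}|{digest}".encode())


def build_manifest(reports, prev_head=GENESIS):
    """Hash-chain manifest over (name, content) pairs; returns (entries, head).

    The entries stay beside the reports. The head is the one value that must
    leave the machine immediately (case file, WORM store, timestamping service).
    """
    entries, head = [], prev_head
    for name, content in reports:
        digest = sha256_hex(content)
        head = _link(head, name, digest)
        entries.append({"name": name, "sha256": digest, "head": head})
    return entries, head


def verify_manifest(reports, entries, anchored_head, prev_head=GENESIS):
    """Return a list of problems; empty means reports, manifest and anchor agree."""
    problems = []
    if len(reports) != len(entries):
        return [f"expected {len(entries)} reports, found {len(reports)}"]
    head = prev_head
    for (name, content), entry in zip(reports, entries):
        if name != entry["name"]:
            problems.append(f"name mismatch: {name!r} vs {entry['name']!r}")
        if sha256_hex(content) != entry["sha256"]:
            problems.append(f"{name}: content hash mismatch")
        # Recompute the chain from what the manifest claims, to check it is
        # internally consistent, then compare the end against the anchor.
        head = _link(head, entry["name"], entry["sha256"])
        if head != entry["head"]:
            problems.append(f"{name}: chain link mismatch")
    if head != anchored_head:
        problems.append("chain head differs from externally anchored head")
    return problems


# Constructed sample reports (placeholders, not real extraction output).
REPORTS = [
    ("device-A-report.xml", b"<report><contact>alice</contact></report>"),
    ("device-B-report.xml", b"<report><sms>meet at 9</sms></report>"),
]


def demo() -> dict:
    entries, anchored = build_manifest(REPORTS)  # 'anchored' exported off-box

    # Attacker with code execution on the workstation inserts a contact into
    # report A and regenerates the manifest so every local checksum agrees.
    tampered = [
        ("device-A-report.xml",
         b"<report><contact>alice</contact><contact>mallory</contact></report>"),
        REPORTS[1],
    ]
    t_entries, t_head = build_manifest(tampered)

    return {
        # untouched reports, original manifest, original anchor: clean
        "clean": verify_manifest(REPORTS, entries, anchored),
        # the "no checksum failures" case: everything local was recomputed
        "tampered_local_only": verify_manifest(tampered, t_entries, t_head),
        # same data checked against the off-box anchor: caught
        "tampered_vs_anchor": verify_manifest(tampered, t_entries, anchored),
        # sloppy edit that left the old manifest in place: caught locally
        "edited_without_regenerating": verify_manifest(tampered, entries, anchored),
    }


if __name__ == "__main__":
    for case, problems in demo().items():
        print(f"{case}: {problems or 'OK'}")
```

The design point is where the trust root lives: a checksum that is generated, stored and verified on the same box as the data is a consistency check against accidents, not an integrity control against someone who can run code there. Exporting the chain head (or signing the manifest with a key that is not on the workstation, such as a smartcard or HSM) at acquisition time makes later edits detectable, but only for reports captured before the compromise; anything acquired by an already-compromised tool can be falsified at the moment it is written, which is the part of the Signal post that a hash chain cannot fix.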
Unfortunately, or fortunately depending on who you are, stuff like that is hard to prove fault.
Cellebrite is already operating in a legally gray area...though probably not actually and completely wrong legally if defendants could afford to sue for breach of due process and 4th amendment violations.
You also have to prove that it was Signal's app that caused it, and with the intention of fubaring your investigation. Would you say it's the fault of Microsoft that a lawyer is using a known vulnerable email client because they're not smart enough to understand or know better or use better tools when outlook runs code that fubars the machine and/or evidence because you left the preview pane on?
This stuff is already borderline in violation of 4th and 5th amendments to begin with, courts just haven't kept up and police are fucking shitbags full of shit.
Also cellebrite is already in violation of copyright and distribution laws, they're fucked no matter what Signal does. Any evidence gathered by illicit means should essentially be null and void if our justice system gave a shit.
Orca (Also known as EspressosaurusWrex)
At the same time, that's not a fight you want to have as a company unless you are in full "no fucks to give" territory and don't care if you get sued/deplatformed/etc.
A company whose entire business model is built around encrypted messaging is definitely the kind of company that would fight a supreme court battle about 4th amendment rights and their clients being spied on.
It'll be interesting to see how they play this on top of that. There's nothing inherently wrong with designing files that wipe users' data from being stolen without permission. So long as it doesn't fuck up the rest of the system.
If Microsoft knew the lawyer had the preview pane on and intentionally emailed the lawyer malicious code that would be run then yes. Like how is that even a question?
Are you really asserting a 4th amendment right to counter hack the government? If the search is illegal then your recourse is to challenge the search itself. Altering, damaging, or degrading someone else's system is just going to lead you into trouble.
Signal wants to damage Cellebrite's credibility and admissibility in court. They're going to do that through posts highlighting errors and vulnerabilities and disclosing PoCs to show how someone could theoretically mess with the chain of evidence. Maybe those PoCs fall off a truck in front of people who would use them and don't have a business to worry about.
At no point is Signal going to intentionally release code that would damage someone's system just because their founder is irritated at some greyware firm.
If there is one thing that's been made clear in computer/security law enforcement, it's that you can get good and fucked by the DoJ for any reason if they don't like what you did.
I would agree normally, but Moxie Marlinspike is a pretty unusual person
Yes, but this is by no means targeted to that degree. One could argue that they have given Cellebrite due notice of their vulnerability and advised on potential routes for fixes, they've done what they can in good faith. A worse actor would not disclose. If Cellebrite does not fix, the onus is on them as they knew of major issues that compromised the nature of their software and the investigations, yet chose to do nothing. Once you are alerted to a major vulnerability and choose NOT to remediate it, you'd likely get tagged with negligence if anything bad happened, not Signal.
I'm not sure what you're arguing against here.
The line of discussion is about Signal joking about potentially including files that execute malicious code when parsed by Cellebrite and whether that would be a crime (yes, it would be).
Shadowfire (Vermont, in the middle of nowhere)
Cellebrite devices are also used by retailers to transfer data between phones. It's not just a LE tool, that's just the thing we're most interested in here.
My understanding is that it only affects self hosted exchange with OWA enabled, and not cloud or hybrid exchange. It was a vulnerability in the self hosted OWA site.
OK, that’s less concerning then. Thanks.
Nintendo Network ID: AzraelRose
https://www.reddit.com/r/exchangeserver/comments/mq6z8n/released_april_2021_exchange_server_security/
Carole Cadwalladr is the journalist who originally broke the Cambridge Analytica story.
Steam | XBL
Buk buk.
https://signal.org/blog/cellebrite-vulnerabilities/
from April 8, 2021
https://www.reuters.com/article/us-cellebrite-m-a-twc-tech-hldg-ii-idUSKBN2BV1OX