this post was submitted on 30 Nov 2025
494 points (97.0% liked)

Technology

77196 readers
2561 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
494
Israel’s IDF Bans Android Phones—iPhones Now ‘Mandatory’ (www.forbes.com)
submitted 1 day ago by fne8w2ah@lemmy.world to c/technology@lemmy.world
115 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] kbobabob@lemmy.dbzer0.com 32 points 1 day ago (1 children)

In 2021, Moxie Marlinspike, creator of the encrypted messaging app Signal, pointed to several vulnerabilities in Cellebrite's UFED and Physical Analyzer software that allowed for arbitrary code execution on Windows computers running the software. One exploit he detailed involved the UFED scanning a specially formatted file, which could then be used to execute arbitrary code on the computer running the UFED. Marlinspike wrote that the code could then "[modify] not just the Cellebrite report being created in that scan, but also "all previous and future generated Cellebrite reports" from all previously scanned devices and all future scanned devices in any arbitrary way."[27] Marlinspike also found that Cellebrite software was bundled with out-of-date FFmpeg DLL files from 2012, which lacked over 100 subsequent security updates. Windows Installer packages, extracted from the Windows installer for iTunes and signed by Apple, were also found, which he said raised legal concerns.[28] Cellebrite responded that the company "is committed to protecting the integrity of our customers' data, and we continually audit and update our software in order to equip our customers with the best digital intelligence solutions available."[29] The report by Signal followed an announcement by Cellebrite in 2020 that it had developed technology to crack encrypted messages in the Signal app, a claim the company later retracted and downplayed.[30][31] The announcement by Marlinspike raised questions about the integrity of data extracted by the software,[32][33] and prompted Cellebrite to patch some of the vulnerabilities found by Signal and to remove full support for analyzing iPhones.[34][35]

Source: https://en.wikipedia.org/wiki/Cellebrite

Sounds like it is just malware to me.

[–] SlurpingPus@lemmy.world 16 points 1 day ago (1 children)

Vulnerable software is different from malware.

Iirc there was also the part of the story where the exploit for Cellebrite's thing was included in Signal, and Marlinspike said that data on any device scanning Signal with Cellebrite software would be poisoned.

[–] 418_im_a_teapot@sh.itjust.works 1 points 1 day ago (1 children)

What I’m hearing is that even if you aren’t a Signal user, you might benefit from having Signal installed on your device?

[–] SlurpingPus@lemmy.world 3 points 1 day ago

I'm guessing things might've changed since then, as this story is pretty old. I doubt it that they gotten newer versions of Cellebrite to screw them again.