Phone scanning and data extraction company Cellebrite is facing the prospect of app makers being able to hack back at the tool, after Signal revealed it was possible to gain arbitrary code execution through its tools.

Cellebrite tools are used to pull data out of phones the user has in their possession.

“By including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures,” Signal CEO Moxie Marlinspike wrote.

“This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question.”

Usually, when vulnerabilities of this type are found, the issue is disclosed to the maker of the software to fix, but since Cellebrite makes a living from undisclosed vulnerabilities, Marlinspike raised the stakes.

“We are of course willing to responsibly disclose the specific vulnerabilities we know about to Cellebrite if they do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future,” he said.

The Signal CEO said that Cellebrite contains “many opportunities for exploitation” and he thought they should have been more careful when creating the tool.

For instance, Cellebrite bundles FFmpeg DLLs from 2012. Since that year, FFmpeg has had almost 230 vulnerabilities reported.

Marlinspike also pointed out that Cellebrite is bundling two installers from Apple to allow the tools to extract data when an iOS device is used.

“It seems unlikely to us that Apple has granted Cellebrite a license to redistribute and incorporate Apple DLLs in its own product, so this might present a legal risk for Cellebrite and its users,” he said.

In a video dripping with references to the movie Hackers, Marlinspike showed an exploit in action, before rattling a sabre in the direction of Cellebrite.

“In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software,” he said.

“We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files.”

Marlinspike said he was incredibly lucky to have found a Cellebrite tool package laying on the ground while going for a walk.

In December, Marlinspike lashed out at Cellebrite claims that it could crack Signal’s encryption.

“Cellebrite posted something with a lot of detail, then quickly took it down and replaced it with something that has no detail,” Marlinspike wrote at the time.

“This is not because they ‘revealed’ anything about some super advanced technique they have developed (remember, this is a situation where someone could just open the app and look at the messages). They took it down for the exact opposite reason: it made them look bad.

“Articles about this post would have been more appropriately titled ‘Cellebrite accidentally reveals that their technical abilities are as bankrupt as their function in the world.'”

Related Coverage

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.zdnet.com/article/signal-rattles-sabre-and-exposes-crackable-cellebrite-underbelly/#ftag=RSSbaffb68

Phone scanning and data extraction company Cellebrite is facing the prospect of app makers being able to hack back at the tool, after Signal revealed it was possible to gain arbitrary code execution through its tools.

Cellebrite tools are used to pull data out of phones the user has in their possession.

“By including a specially formatted but otherwise innocuous file in an app on a device that is then scanned by Cellebrite, it’s possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data), with no detectable timestamp changes or checksum failures,” Signal CEO Moxie Marlinspike wrote.

“This could even be done at random, and would seriously call the data integrity of Cellebrite’s reports into question.”

Usually, when vulnerabilities of this type are found, the issue is disclosed to the maker of the software to fix, but since Cellebrite makes a living from undisclosed vulnerabilities, Marlinspike raised the stakes.

“We are of course willing to responsibly disclose the specific vulnerabilities we know about to Cellebrite if they do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future,” he said.

The Signal CEO said that Cellebrite contains “many opportunities for exploitation” and he thought they should have been more careful when creating the tool.

For instance, Cellebrite bundles FFmpeg DLLs from 2012. Since that year, FFmpeg has had almost 230 vulnerabilities reported.

Marlinspike also pointed out that Cellebrite is bundling two installers from Apple to allow the tools to extract data when an iOS device is used.

“It seems unlikely to us that Apple has granted Cellebrite a license to redistribute and incorporate Apple DLLs in its own product, so this might present a legal risk for Cellebrite and its users,” he said.

In a video dripping with references to the movie Hackers, Marlinspike showed an exploit in action, before rattling a sabre in the direction of Cellebrite.

“In completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software,” he said.

“We have a few different versions of files that we think are aesthetically pleasing, and will iterate through those slowly over time. There is no other significance to these files.”

Marlinspike said he was incredibly lucky to have found a Cellebrite tool package laying on the ground while going for a walk.

In December, Marlinspike lashed out at Cellebrite claims that it could crack Signal’s encryption.

“Cellebrite posted something with a lot of detail, then quickly took it down and replaced it with something that has no detail,” Marlinspike wrote at the time.

“This is not because they ‘revealed’ anything about some super advanced technique they have developed (remember, this is a situation where someone could just open the app and look at the messages). They took it down for the exact opposite reason: it made them look bad.

“Articles about this post would have been more appropriately titled ‘Cellebrite accidentally reveals that their technical abilities are as bankrupt as their function in the world.'”

Related Coverage

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.zdnet.com/article/signal-rattles-sabre-and-exposes-crackable-cellebrite-underbelly/#ftag=RSSbaffb68

Netgear on Wednesday reported better-than-expected first quarter financial results, in part thanks to strong SMB sales. 

Non-GAAP net income per diluted share came to 99 cents. Net revenue was $317.9 million, an increase of 38.3 percent from the comparable prior year quarter. 

Analysts were expecting earnings of 66 cents per share on revenue of $310.21 million. 

The SMB business brought in $77 million, growing nearly 18 percent year-over-year. Its Connected Home business brought in $240.9 million, up 46 percent year-over-year. 

“With both businesses performing well, Q1 marks a strong beginning to the year for us,” CEO Patrick Lo said in a statement. “The Netgear team again navigated the ongoing challenges in the supply chain to deliver strong revenue growth… The higher than anticipated demand for SMB products propelled us over the high end of our topline guidance range. Non-GAAP operating margin significantly exceeded expectations, buoyed by a higher mix of SMB and higher margin e-commerce revenue as well as lower air freight expense.”

Netgear’s SMB business benefited from the reopening of economies worldwide, while the Consumer Home business was led by the premium segment. The company gained Consumer Home market share globally and saw its US market share in consumer WiFi climb two points in the first quarter. 

Netgear is on track to reach its goal of  650,000 subscribers by the end of the year, Lo said. The company added 44,000 subscribers in Q1, exiting the quarter with 481,000. 

Second quarter net revenue is expected to be in the range of $305 million to $320 million.

Checkout PrimeXBT
Trade with the Official CFD Partners of AC Milan
Source: https://www.zdnet.com/article/netgear-beats-q1-expectations-with-strong-smb-revenue/#ftag=RSSbaffb68

Netgear on Wednesday reported better-than-expected first quarter financial results, in part thanks to strong SMB sales. 

Non-GAAP net income per diluted share came to 99 cents. Net revenue was $317.9 million, an increase of 38.3 percent from the comparable prior year quarter. 

Analysts were expecting earnings of 66 cents per share on revenue of $310.21 million. 

The SMB business brought in $77 million, growing nearly 18 percent year-over-year. Its Connected Home business brought in $240.9 million, up 46 percent year-over-year. 

“With both businesses performing well, Q1 marks a strong beginning to the year for us,” CEO Patrick Lo said in a statement. “The Netgear team again navigated the ongoing challenges in the supply chain to deliver strong revenue growth… The higher than anticipated demand for SMB products propelled us over the high end of our topline guidance range. Non-GAAP operating margin significantly exceeded expectations, buoyed by a higher mix of SMB and higher margin e-commerce revenue as well as lower air freight expense.”

Netgear’s SMB business benefited from the reopening of economies worldwide, while the Consumer Home business was led by the premium segment. The company gained Consumer Home market share globally and saw its US market share in consumer WiFi climb two points in the first quarter. 

Netgear is on track to reach its goal of  650,000 subscribers by the end of the year, Lo said. The company added 44,000 subscribers in Q1, exiting the quarter with 481,000. 

Second quarter net revenue is expected to be in the range of $305 million to $320 million.

Checkout PrimeXBT
Trade with the Official CFD Partners of AC Milan
Source: https://www.zdnet.com/article/netgear-beats-q1-expectations-with-strong-smb-revenue/#ftag=RSSbaffb68