Moxie Marlinspike of Signal wrote on Wednesday how he was able hack into a Cellebrite device. These devices are used by entities like law enforcement to brute force their way into devices like iPhones.
Given the number of opportunities present, we found that it’s possible to execute arbitrary code on a Cellebrite machine simply by including a specially formatted but otherwise innocuous file in any app on a device that is subsequently plugged into Cellebrite and scanned. There are virtually no limits on the code that can be executed.
A fascinating write-up. One can only imagine the thrill of taking a walk, seeing a package fall out of a truck, and finding out that it’s a Cellebrite device.