London Daily

Focus on the big picture.
Tuesday, Jul 07, 2026

Signal founder: I hacked police phone-cracking tool Cellebrite

Signal founder: I hacked police phone-cracking tool Cellebrite

Moxie Marlinspike accuses surveillance firm of being ‘linked to persecution’ around the world

The CEO of the messaging app Signal claims to have hacked the phone-cracking tools used by police in Britain and around the world to extract information from seized devices.

In an online post, Moxie Marlinspike, the security researcher who founded Signal in 2013, detailed a series of vulnerabilities in the surveillance devices, made by the Israeli company Cellebrite.

Marlinspike says those weaknesses make it easy for anyone to plant code on a phone that would take over Cellebrite’s hardware if it was used to scan the device. It would not only be able to silently affect all future investigations, but also to rewrite the data the tools had saved from previous analyses.

Marlinspike has been an outspoken critic of Cellebrite since the company claimed to be able to “break Signal encryption”, a claim the hacker has dismissed. “Cellebrite makes software to automate physically extracting and indexing data from mobile devices,” he says. “Their customer list has included authoritarian regimes in Belarus, Russia, Venezuela and China; death squads in Bangladesh; military juntas in Myanmar; and those seeking to abuse and oppress in Turkey, UAE and elsewhere.

“Their products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works.”

Police forces around the world use Cellebrite’s technology to help in digital investigations, particularly when they have managed to get hold of a physical device owned by a suspect or person of interest. While Cellebrite has been linked with attempts to bypass encrypted devices, the majority of its tools are built to allow digital forensics teams to extract information from unlocked, powered-on devices, and automate the sort of searches they could theoretically do by hand on the phone itself.

But through reverse-engineering one Cellebrite device (Marlinspike claims he acquired the device “when I saw a small package fall off a truck ahead of me”), Signal’s founder says he found more than 100 security vulnerabilities, just one of which could modify “not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices.”

“Any app could contain such a file, and until Cellebrite is able to accurately repair all vulnerabilities in its software with extremely high confidence, the only remedy a Cellebrite user has is to not scan devices,” Marlinspike says. In a winking suggestion that his company has placed such a booby-trap inside its own app, Marlinspike adds that “in completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software.”

In a statement, Cellebrite said: “Cellebrite enables customers to protect and save lives, accelerate justice and preserve privacy in legally sanctioned investigations. We have strict licensing policies that govern how customers are permitted to use our technology and do not sell to countries under sanction by the US, Israel or the broader international community. Cellebrite is committed to protecting the integrity of our customers’ data, and we continually audit and update our software in order to equip our customers with the best digital intelligence solutions available.”

Newsletter

Related Articles

0:00
0:00
Close
UK MPs Criticise Student Loan System as Potentially Mis-Sold to Millions of Borrowers
Policy Groups Propose Bank of England-Backed Solar Loan Scheme for Millions of Homes
UK Health Agency Issues Amber Heat Alerts Across Six Regions as Temperatures Rise
Royal Air Force F-35 Jets Conduct First High North Air Policing Missions From Aircraft Carrier
Major UK Companies Join Government Cybersecurity Pledge Amid Rising Digital Threats
UK Sanctions Russian Operatives Linked to Chemical Weapons Programmes and Poisoning Cases
UK Government Expands Free Breakfast Clubs and Limits School Uniform Costs
UK Water Companies Face Tougher Penalties Under New Environmental Enforcement Rules
UK Universities Warn Funding Cuts Could Damage Skills Pipeline and Economic Growth
NHS Expands Artificial Intelligence Tools to Help Reduce Patient Waiting Lists
NHS Ombudsman Criticises Failures in End-of-Life Communication and Patient Care
NHS Launches Nationwide Vaccination Drive After Rise in Measles Cases
UK Government Introduces New Limits on Foreign-Linked Political Donations
Thames Water Creditors Advance £10 Billion Rescue Plan to Prevent Potential Public Ownership
Andy Burnham Prepares Labour Leadership Platform as Party Faces Post-Starmer Transition
UK Met Office Issues Heatwave Alerts for London and Southern England
Keir Starmer Blocks Earlier World Cup Kick-Off Time for England Match Against Mexico
NHS Digital Transformation and Media Consolidation Highlight UK Policy Priorities
UK Government Pushes Digital Trade Rules to Cut Export Costs for Businesses
Bank of England Plans Leverage Rule Changes to Support Government Bond Market
UK Police Operation Targets Organised Immigration Crime Networks With Hundreds of Arrests
Yvette Cooper Calls for Global AI Rules to Prevent Security Risks
NHS Begins Major AI Expansion Through £10 Billion Digital Investment Programme
UK Government Tightens Rules on Political Donations to Limit Foreign Influence
Keir Starmer Defends UK Defence Spending Plan at NATO Summit in Turkey
Comcast’s Sky Agrees £1.6 Billion Deal to Acquire ITV Media and Entertainment Division
Senior NHS Doctors Vote in Favour of Renewed Strike Action Over Pay Dispute
Andy Burnham Set to Succeed Keir Starmer as Labour Leadership Nominations Open
Microsoft Lays Off 4,800 Employees and Xbox Suffers the Hardest Blow
Deep Purple Has Released Its Best Album in Decades
Office for National Statistics Updates Historical Investment Data Review to Improve Accuracy
Department for Science, Innovation and Technology Highlights Economic Gains From Digital Inclusion
Debate Intensifies Over UK Defence Strategy and Domestic Security Priorities
Report Warns Full Transport Accessibility Could Add £176 Billion to UK Economy Annually
Medicines Regulator Approves First Targeted Treatment for Advanced Merkel Cell Skin Cancer
Government Commits £22 Million to Brighton Seafront Infrastructure Renewal and Transport Safety
National Security Bill Returns to House of Commons Amid Calls to Protect Humanitarian Work
Government Tightens Overseas Political Donation Rules to Strengthen Safeguards Against Foreign Influence
NHS Maternity Reform Expands Central Oversight After Critical National Review
Dover Border Warnings Highlight Post-Brexit Pressure on Cross-Channel Trade
Private Nuclear Consortium Advances £35 Billion Small Reactor Strategy in UK
UK Labour Leadership Signals Shift Toward Reindustrialisation and Regional Power
House of Lords Debates Rail Nationalisation Bill to Create Great British Railways
Scottish Affairs Committee Expands Inquiry Into SNP Financial Conduct
Evri Launches £1.2 Million Defamation Case Against BBC Over Panorama Investigation
Port of Dover Warns of Border Delays as EU Entry-Exit System Looms
Nigel Farage Referred to Standards Watchdog Over Alleged Undeclared Benefits
UK Government Faces Scrutiny Over Claimed AI Datacentre Investment After FOI Findings
UK and India Finalise Trade Agreement Rules Ahead of Mid-July Implementation
UK Government Establishes National Maternity Commissioner After Major Review of NHS Care Failures
×