London Daily

Focus on the big picture.
Tuesday, Oct 21, 2025

Signal founder: I hacked police phone-cracking tool Cellebrite

Signal founder: I hacked police phone-cracking tool Cellebrite

Moxie Marlinspike accuses surveillance firm of being ‘linked to persecution’ around the world

The CEO of the messaging app Signal claims to have hacked the phone-cracking tools used by police in Britain and around the world to extract information from seized devices.

In an online post, Moxie Marlinspike, the security researcher who founded Signal in 2013, detailed a series of vulnerabilities in the surveillance devices, made by the Israeli company Cellebrite.

Marlinspike says those weaknesses make it easy for anyone to plant code on a phone that would take over Cellebrite’s hardware if it was used to scan the device. It would not only be able to silently affect all future investigations, but also to rewrite the data the tools had saved from previous analyses.

Marlinspike has been an outspoken critic of Cellebrite since the company claimed to be able to “break Signal encryption”, a claim the hacker has dismissed. “Cellebrite makes software to automate physically extracting and indexing data from mobile devices,” he says. “Their customer list has included authoritarian regimes in Belarus, Russia, Venezuela and China; death squads in Bangladesh; military juntas in Myanmar; and those seeking to abuse and oppress in Turkey, UAE and elsewhere.

“Their products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works.”

Police forces around the world use Cellebrite’s technology to help in digital investigations, particularly when they have managed to get hold of a physical device owned by a suspect or person of interest. While Cellebrite has been linked with attempts to bypass encrypted devices, the majority of its tools are built to allow digital forensics teams to extract information from unlocked, powered-on devices, and automate the sort of searches they could theoretically do by hand on the phone itself.

But through reverse-engineering one Cellebrite device (Marlinspike claims he acquired the device “when I saw a small package fall off a truck ahead of me”), Signal’s founder says he found more than 100 security vulnerabilities, just one of which could modify “not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices.”

“Any app could contain such a file, and until Cellebrite is able to accurately repair all vulnerabilities in its software with extremely high confidence, the only remedy a Cellebrite user has is to not scan devices,” Marlinspike says. In a winking suggestion that his company has placed such a booby-trap inside its own app, Marlinspike adds that “in completely unrelated news, upcoming versions of Signal will be periodically fetching files to place in app storage. These files are never used for anything inside Signal and never interact with Signal software or data, but they look nice, and aesthetics are important in software.”

In a statement, Cellebrite said: “Cellebrite enables customers to protect and save lives, accelerate justice and preserve privacy in legally sanctioned investigations. We have strict licensing policies that govern how customers are permitted to use our technology and do not sell to countries under sanction by the US, Israel or the broader international community. Cellebrite is committed to protecting the integrity of our customers’ data, and we continually audit and update our software in order to equip our customers with the best digital intelligence solutions available.”

Newsletter

Related Articles

0:00
0:00
Close
This Is How the 'Heist of the Century' Was Carried Out at the Louvre in Seven Minutes: France Humiliated as Crown with 2,000 Diamonds Vanishes
China Warns UK of ‘Consequences’ After Delay to London Embassy Approval
France’s Wealthy Shift Billions to Luxembourg and Switzerland Amid Tax and Political Turmoil
"Sniper Position": Observation Post Targeting 'Air Force One' Found Before Trump’s Arrival in Florida
Shouting Match at the White House: 'Trump Cursed, Threw Maps, and Told Zelensky – "Putin Will Destroy You"'
Windows’ Own ‘Siri’ Has Arrived: You Can Now Talk to Your Computer
Thailand and Singapore Investigate Cambodian-Based Prince Group as U.S. and U.K. Sanctions Unfold
‘No Kings’ Protests Inflate Numbers — But History Shows Nations Collapse Without Strong Executive Power
Chinese Tech Giants Halt Stablecoin Launches After Beijing’s Regulatory Intervention
Manhattan Jury Holds BNP Paribas Liable for Enabling Sudanese Government Abuses
Trump Orders Immediate Release of Former Congressman George Santos After Commuting Prison Sentence
S&P Downgrades France’s Credit Rating, Citing Soaring Debt and Political Instability
Ofcom Rules BBC’s Gaza Documentary ‘Materially Misleading’ Over Narrator’s Hamas Ties
Diane Keaton’s Cause of Death Revealed as Pneumonia, Family Confirms
Former Lostprophets Frontman Ian Watkins Stabbed to Death in British Prison
"The Tsunami Is Coming, and It’s Massive": The World’s Richest Man Unveils a New AI Vision
Outsider, Heroine, Trailblazer: Diane Keaton Was Always a Little Strange — and Forever One of a Kind
Dramatic Development in the Death of 'Mango' Founder: Billionaire's Son Suspected of Murder
Two Years of Darkness: The Harrowing Testimonies of Israeli Hostages Emerging From Gaza Captivity
EU Moves to Use Frozen Russian Assets to Buy U.S. Weapons for Ukraine
Europe Emerges as the Biggest Casualty in U.S.-China Rare Earth Rivalry
HSBC Confronts Strategic Crossroads as NAB Seeks Only Retail Arm in Australia Exit
U.S. Chamber Sues Trump Over $100,000 H-1B Visa Fee
Shenzhen Expo Spotlights China’s Quantum Step in Semiconductor Self-Reliance
China Accelerates to the Forefront in Global Nuclear Fusion Race
Yachts, Private Jets, and a Picasso Painting: Exposed as 'One of the Largest Frauds in History'
Australia’s Wedgetail Spies Aid NATO Response as Russian MiGs Breach Estonian Airspace
McGowan Urges Chalmers to Cut Spending Over Tax Hike to Close $20 Billion Budget Gap
Victoria Orders Review of Transgender Prison Placement Amid Safety Concerns for Female Inmates
U.S. Treasury Mobilises New $20 Billion Debt Facility to Stabilise Argentina
French Business Leaders Decry Budget as Macron’s Pro-Enterprise Promise Undermined
Trump Claims Modi Pledged India Would End Russian Oil Imports Amid U.S. Tariff Pressure
Surging AI Startup Valuations Fuel Bubble Concerns Among Top Investors
Australian Punter Archie Wilson Tears Up During Nebraska Press Conference, Sparking Conversation on Male Vulnerability
Australia Confirms U.S. Access to Upgraded Submarine Shipyard Under AUKUS Deal
“Firepower” Promised for Ukraine as NATO Ministers Meet — But U.S. Tomahawks Remain Undecided
Brands Confront New Dilemma as Extremists Adopt Fashion Labels
The Sydney Sweeney and Jeans Storm: “The Outcome Surpassed Our Wildest Dreams”
Erika Kirk Delivers Moving Tribute at White House as Trump Awards Charlie Presidential Medal of Freedom
British Food Influencer ‘Big John’ Detained in Australia After Visa Dispute
ScamBodia: The Chinese Fraud Empire Shielded by Cambodia’s Ruling Elite
French PM Suspends Macron’s Pension Reform Until After 2027 in Bid to Stabilize Government
Orange, Bouygues and Free Make €17 Billion Bid for Drahi’s Altice France Telecom Assets
Dutch Government Seizes Chipmaker After U.S. Presses for Removal of Chinese CEO
Bessent Accuses China of Dragging Down Global Economy Amid New Trade Curbs
U.S. Revokes Visas of Foreign Nationals Who ‘Celebrated’ Charlie Kirk’s Assassination
AI and Cybersecurity at Forefront as GITEX Global 2025 Kicks Off in Dubai
DJI Loses Appeal to Remove Pentagon’s ‘Chinese Military Company’ Label
EU Deploys New Biometric Entry/Exit System: What Non-EU Travelers Must Know
Australian Prime Minister’s Private Number Exposed Through AI Contact Scraper
×