fucking with police tech
Ok, so cops have this tool called Cellbrite they use to automate collecting data off of cell phones that they physically posses and are unlocked.
Turns out, Cellbrite has shite security, which means that you can drop an otherwise-inert file somewhere in your phone's system that, if scanned, will inject itself and allow arbitrary code execution on their Cellbrite device. I.E, you can make their hardware do literally anything you want, including compromising any data the device collects.
And in what they describe as unrelated news, Signal will start occasionally and randomly stashing some inert files in installations on established accounts.
fucking with police tech
@starkatt "We are of course willing to responsibly disclose the specific vulnerabilities we know about to Cellebrite if they do the same for all the vulnerabilities they use in their physical extraction and other services to their respective vendors, now and in the future." 🔥 🔥 🔥
