This is just fantastic. https://signal.org/blog/cellebrite-vulnerabilities/
@kev isn't that the Israeli hacking company? If I'm not mistaken they have been behind some major stuff for several years.
@kev yeah... I'm not so sure about how these files will be incorporated, how you can do this while respecting the open-source license, and what this could imply if this files were suddenly changed to something else... not sure I'm too happy about this... the benefits do not seem to counterbalance the risks.
I'm assuming these files are to protect Signal scanning from Cellebrite? So they would be injecting the code into Cellebrite so it doesn't report anything? However, what I don't understand is that if a device is encrypted, how would Cellebrite gain access to user files on the device ...
@magellano I’ve never used cellebrite, but from the post, all it seems to do is automate collection of data from a “hands on keyboard” perspective. So the device is unlocked and the data is available.
@magellano and yes, Moxie was referring to embedding the file that triggers the vulnerability to thwart cellebrite.
Fosstodon is an English speaking Mastodon instance that is open to anyone who is interested in technology; particularly free & open source software.