
Cellebrite pissed somebody off.

Say what you will about Signal but Moxie knows how to make a drop.

signal.org/blog/cellebrite-vul

@drwho next time he skates by tell him “The_gibson says Hack the Planet!”

I am adding a toot here to agree with some other takes regarding this. It is very irresponsible of Signal to use their user base to do this.

Although, I’m not sure how else they would have accomplished exposing CB’s vulns without benefitting CB. It doesn’t justify the decision.

@thegibson I shall do so. I need to ask him when the next time he's doing a New York Skate through downtown SF will be.

@thegibson "By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me."

Unbelievable indeed.

@thegibson I mean, the general idea of using their technical knowledge to shine transparency on the integrity problems of surveillance devices like Cellebrite is great. It's just the last step goes a step too far into creating harm instead of preventing it.

If it was just a joke, it really sends the wrong message.

If it is for real, it raises a lot of questions about their judgement and stewardship of a project that has the potential to both reduce harms and be used for harm.

@vortex_egg @thegibson I read it as a "we could do this and maybe we will, but maybe not. It's on you to prove." kind of threat. They don't need to actually *do* anything more.

@thegibson
Unless it is just an idle threat. They could claim that they are deploying it on random installs of Signal; and Cellebrite then needs to somehow prove, for EVERY instance their tools are used in a criminal case, that there was never any tampering of reports.

Effectively, the threat itself could be a viable attack against Cellebrite

@rgegriff @thegibson Slapback: Cellebrite alleges to Apple and Google that Signal's software is being used to distribute malware that targets their platform. Google and Apple pull Signal from their app stores until the allegations are proven otherwise.

@docskrzyk @rgegriff

Slapback (in the report) Apple’s libraries are being used by cb in violation of licensing agreements. Apple sues Cb into oblivion.

@thegibson @rgegriff slapityslap - Cellebrite's code comes into question. Various other Apple and Android exploits found being used in Cellebrite. Everybody loses.

I'm guessing this is going to get really interesting really quickly.

@docskrzyk @TheGibson @rgegriff slappity slap slap hand jive - windows mobile CE returns to smartphone market dominance

@djsundog @docskrzyk @TheGibson @rgegriff (street-performer spoon-slapping routine) Nokia N770 and N900 become mobile devices of choice.

@rgegriff @thegibson My biggest gripe with this: What I installed on my phone was billed as a secure messenger, not an exploit payload distribution tool that might randomly recruit my phone to crack other devices. Who knows what situation I will be in when it triggers?

Highly unrealistic hypothetical example: "So... you are traveling to a computer conference and your phone we just randomly 'checked' froze our spying device? You are not boarding that flight, mister."

@TheGibson it can be argued that Signal is protecting their userbase by adding a file that deletes the Signal database from the Cellebrite extracted files using random vulnerabilities in Cellebrite software.

I have no idea about the legality of this tbh.

@TheGibson idk, I don’t personally see an issue with distributing innocuous files that just mess with snooping. Maybe an opt out, but tbh I *want* them to put whatever that is on my device, and I don’t even regularly use Signal

@TheGibson I have my complaints about Signal, but damn this is some great stuff haha Props where it's due

@thegibson "By a truly unbelievable coincidence, I was recently out for a walk when I saw a small package fall off a truck ahead of me. As I got closer, the dull enterprise typeface slowly came into focus: Cellebrite. Inside, we found the latest versions of the Cellebrite software, a hardware dongle designed to prevent piracy (tells you something about their customers I guess!), and a bizarrely large number of cable adapters."

lmao, whole article is worth it for that one paragraph

@thegibson "Fell from a truck" this is the sassiest post I've ever read. 😂

hackers.town

A bunch of technomancers in the fediverse. Keep it fairly clean please. This arcology is for all who wash up upon its digital shore.