Published in News

Cellebrite hack might undo convictions

by on29 April 2021


If it can be hacked it could mean the evidence was tampered with 

A Maryland defence attorney has decided to challenge the conviction of one of his clients after it was recently discovered that the phone cracking product used in the case, produced by digital forensics firm Cellebrite, has severe cybersecurity flaws that could make it vulnerable to hacking.

Ramon Rozas, who has practised law for 25 years, told Gizmodo that he was compelled to pursue a new trial after reading a widely shared blog post written by the CEO of the encryption chat app Signal, Moxie Marlinspike.

Marlinspike brutally dunked on Cellebrite -- writing, in a searing takedown, that the company's products lacked basic "industry-standard exploit mitigation defences" and that security holes in its software could easily be exploited to manipulate data during cell phone extraction.

Given the fact that Cellebrite's extraction software is used by law enforcement agencies the world over, questions have naturally emerged about the integrity of investigations that used the tech to secure convictions.

For Rozas, the concerns centre around the fact that "Cellebrite evidence was heavily relied upon" to convict his client, who was charged in relation to an armed robbery. The prosecution's argument turned on that data, which was extracted from the suspect's phone using the company's tools.

Rozas argued that because "severe defects" have since been uncovered about the technology, a "new trial should be ordered so that the defence can examine the report produced by the Cellebrite device in light of this new evidence, and examine the Cellebrite device itself".

Last modified on 29 April 2021
Rate this item
(1 Vote)

Read more about: