Israeli hackers find method to break Signal encryption

According to a recent report, specialists at Cellebrite, an Israeli mobile security firm, claim to have found a way to access the Signal messaging app, which has the highest level of encryption. The same report also mentions that some U.S. school districts have purchased solutions from this company.

Cellebrite hacking solutions are widely requested by law enforcement agencies around the world. In recent times, multiple privacy advocates have criticized this company for selling these developments to state actors with serious history of human rights violations, including territories such as Venezuela and Saudi Arabia.

La imagen tiene un atributo ALT vacío; su nombre de archivo es cellebrite.jpg

A few days ago the company revealed that the latest update to its analyzer software includes a new feature that allows the decoding of Signal information and data. This communication platform uses a special open source encryption system called Signal Protocol, designed to be proof of any unauthorized access, thus consolidating the widely known end-to-end encryption.

Due to its effectiveness, Signal’s protocol was adopted by companies such as Facebook and Skype, in a collaboration that allows Signal to further develop solutions that were originally designed to protect communications from political dissidents, social activists and journalists.

In its report, the firm mentions that Cellebrite Physical Analyzer now allows legal access to data at Signal: “We work tirelessly to empower public and private sector researchers to find new ways to accelerate justice, protect communities, and save lives.”

Although the publication was deleted, security experts were able to analyze the documentation revealed by Cellebrite, specifying that the attack is based on Signal’s own open source analysis and reverse engineering process.

A source close to the company mentioned that the publication was removed due to the obvious negative implications of using similar tools: “The authorities continue to strive to require software developers to install backdoors in their technologies for use in cases of legal investigation; the use of technology like Cellebrite is the available solution,” the informant says.

In addition to the school districts that recently acquired this technology, more than 2,000 American law enforcement agencies use these tools. Information security experts believe authorities will use this software to identify potential sexual predators.