Episode 68

Signal Snoops On Cellebrite as They Snoop On Us


April 30th, 2021

1 hr 15 mins 36 secs

Your Hosts
Special Guests

About this Episode

Katherine Druckman and Doc Searls chat with Kyle Rankin and Shawn Powers about Signal’s exposure of vulnerabilities in Cellebrite’s mobile device hacking software.

Subscribe to our newsletter.

Reality 2.0 around the web:

Support Reality 2.0

Episode Links

  • Signal >> Blog >> Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective — Cellebrite makes software to automate physically extracting and indexing data from mobile devices. They exist within the grey – where enterprise branding joins together with the larcenous to be called “digital intelligence.” Their customer list has included authoritarian regimes in Belarus, Russia, Venezuela, and China; death squads in Bangladesh; military juntas in Myanmar; and those seeking to abuse and oppress in Turkey, UAE, and elsewhere. A few months ago, they announced that they added Signal support to their software. Their products have often been linked to the persecution of imprisoned journalists and activists around the world, but less has been written about what their software actually does or how it works. Let’s take a closer look. In particular, their software is often associated with bypassing security, so let’s take some time to examine the security of their own software.
  • Australia’s vague anti-encryption law sets a dangerous new precedent - ProtonMail Blog — the Australian government and its Labor partners rammed a shockingly invasive anti-encryption law through Parliament, over the objections of experts, businesses, and civil rights groups.
  • Australia's Encryption-Busting Law Could Impact Global Privacy | WIRED — Australia has passed a law that would require companies to weaken their encryption, a move that could reverberate globally.
  • P versus NP problem - Wikipedia — The P versus NP problem is a major unsolved problem in computer science. It asks whether every problem whose solution can be quickly verified can also be solved quickly.
  • Data Double Dipping: When Companies Mine Paying Customers – Purism — There’s an old snarky saying among privacy advocates: “If you aren’t paying for something, you are the product!” This updated version of “There’s no such thing as a free lunch” arose in the Internet age among the ever-growing list of free services and apps on the Internet funded by collecting and selling your data to advertisers. If large companies like Google and Facebook are any indication, a lot of money can be made with user data and the more data you collect, the more money you can make.
  • Eva Galperin: What you need to know about stalkerware | TED Talk — "Full access to a person's phone is the next best thing to full access to a person's mind," says cybersecurity expert Eva Galperin. In an urgent talk, she describes the emerging danger of stalkerware -- software designed to spy on someone by gaining access to their devices without their knowledge -- and calls on antivirus companies to recognize these programs as malicious in order to discourage abusers and protect victims.
  • Reality 2.0 Episode 52: Fragmentation and Outrage of the Week — Doc Searls and Katherine Druckman talk to Kyle Rankin about fragmentation and software development, the Amazon Halo, and surveilling school children.
  • This Is How They Tell Me the World Ends — From New York Times cybersecurity reporter Nicole Perlroth, THIS IS HOW THEY TELL ME THE WORLD ENDS is the untold story of the cyber arms trade-the most secretive, invisible, government-backed market on earth-and a terrifying first look at a new kind of global warfare.

Episode Comments