Bringing you quick updates on the tech space, policy making and digital rights from India and across the globe.
Signal creator claims Cellebrite can be easily sabotaged
Moxie Marlinspike, the the creator of messaging app Signal, has written a long blogpost calling out various vulnerabilities in Cellebrite’s devices. Cellebrite, an Israeli firm, is (in)famous for providing various spyware software products and services which are being used by law enforcement agencies across the world, including in India. Cellebrite devices have been used to unlock iPhones. Marlinspike, in the blogpost, claims to have found a Cellebrite equipment fall off a truck.
“We were surprised to find that very little care seems to have been given to Cellebrite’s own software security. Industry-standard exploit mitigation defenses are missing, and many opportunities for exploitation are present,” he wrote. Marlinspike said that the way Cellebrite’s products, by virtue of their design, had many vulnerabilities that could allow attackers to tamper them by using an “innocuous file”.
“Any app could contain such a file, and until Cellebrite is able to accurately repair all vulnerabilities in its software with extremely high confidence, the only remedy a Cellebrite user has is to not scan devices,” he said.
It is hard to say what exactly prompted Signal’s show of force against Cellebrite. However, if the blog post is any indication, the trigger could have been Cellebrite announcing a few months ago that it could break into Signal’s security protocols as well. Signal subsequently rubbished the claim, saying that Cellebrite only added support to its Physical Analyzer device for file formats used by Signal, nothing more.
Read: Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app’s perspective [Signal blog]
Top Stories From MediaNama
- Centre Mulls Using Drones To Deliver COVID19 Vaccines To Underserved Areas
- Coinbase Is Entering India, Appoints Google Pay Engineer Pankaj Gupta As Lead
- Theatrical Window Eliminated (For Now) As Radhe Gets Simultaneous Streaming Release
- Forensics Firm Finds More Proof Of Planted Evidence On Rona Wilson’s Computer: Report
ICYMI: NAMA Event Announcement
MediaNama invites you to apply to attend an online discussion on how the IT Rules 2021 will impact Intermediaries. Our subscribers get priority invites for our events and need not apply. Here’s the agenda and reading list. Subscribe here to support our work.
- Date: April 23 (Friday), 2021
- Time: 2:00 pm IST onwards
Spotify, Match and Tile criticise Apple for anti-competition moves
Spotify and Tinder-parent company Match accused Apple of abusing its dominance in the mobile app store market. In a senate hearing on Wednesday, executives from the companies testified before the United States Senate’s antitrust committee. Horacio Gutierrez, Spotify’s chief legal officer said, “Apple abuses its dominant position as a gatekeeper of the App Store to insulate itself from competition and disadvantage rival services like Spotify.”
Jared Sine, Match’s chief legal officer, said Match was afraid of retaliation of companies like Apple and Google. “We’re all afraid, is the reality, Senator.” Tile’s general counsel Kirsten Daru said Apple had refused to give Tile access to a chip in iPhones in order to give a leg up to Apple’s own competing product AirTags (launched earlier this week).
Read: Apple Accused of ‘Power Grab’ in Senate App Store Hearing [Bloomberg]
Ex-Google employees launch neobank Fi
Bengaluru-based neobank Fi announced the launch of its services on Thursday. The company was founded by ex-Google employees Sujith Narayanan and Sumit Gwalani. The neobank — digital banks that don’t have physical branches — will focus on salaried employees. The company has partnered with Federal Bank to allow users to open savings bank account and get debit cards in, supposedly, less than three minutes.
TikTok faces lawsuit in UK over use of children’s data
TikTok is being sued for damages worth billions of pounds in the United Kingdom over allegations that it had illegally harvested private data of children. Anne Longfield, a former England Children’s Commissioner, brought the forward in a London court on behalf of children aged under 13 and under 16 in the European Economic Area.
The lawsuit alleges that TikTok and its parent company ByteDance had violated UK and EU’s data protection rules, deceiving parents about how exposed their children’s private information was. The case potentially reportedly affects more than 3.5 million children in the UK alone.
Read: TikTok faces UK lawsuit over alleged kids’ data breach [AFP]
