Signal Says: Cellebrite Police Mainstay Hacking Tool is Precisely Easy to Break into

JAKARTA - An encrypted chat application, Signal, revealed that the police's mainstay of hacking tools in extracting data from confiscated devices is not safe. Even the data collected from these tools could easily be sabotaged.

The security gap was first exposed, Moxie Marlinspike, founder of Signal. According to him, the hardware made in Israel cannot guarantee the security of the data that has been collected.

"(We) were surprised to find a security flaw in the Cellebrite software. Many opportunities for exploitation of the data generated by the tool", wrote Moxie Marlinspike in a Signal blog post, Thursday, April 22.

Cellebrite itself is indeed a mainstay tool for the police to trace the track records and activities of a device. The National Police Headquarters also reportedly used these Israeli-made devices and applications to retrieve data from the confiscated evidence of the defendant in the Hate Speech Case in the Information and Electronic Transaction Law (ITE) Jumhur Hidayat.

Marlinspike explains that the files that are successfully extracted from the device or cellphone are easy to exploit. He can even change the order of data that Cellebrite has collected.

"If they add files, then re-extract them, it might destroy or infect Cellebrite", he said.

According to Marlinspike, this could be a data security breach. Given that this tool can retrieve data from electronic devices, such as computers, tablets, data storage cards (memory cards), to external hard disks.

This Cellebrite can be purchased by anyone, both government agencies, and the general public. Even so, Cellebrite emphasized that the data collected will be gated security.

"Cellebrite is committed to protecting the integrity of our customers' data, and we continue to audit and update our software to equip our customers with the best digital intelligence solutions available", wrote Cellebrite.