A few days ago, the CEO of the messaging app Signal detailed a series of vulnerabilities that the Cellebrite private data extraction tool found. The consequences have not been expected, in addition to the fact that the tool has temporarily eliminated some of its features, it has also lost confidence for the authorities when using its results as evidence in trials.

One of the first things Cellebrite has done after the announcement of Signal was to remove some features from its tool. Physical Analyzer is your most powerful device to extract data, after the vulnerabilities brought to light, have removed the function to extract data from iPhones blocked.

Cellebrite, it seems, has also patched multiple vulnerabilities in recent days. According to Signal, with what they discovered they can now put files on mobiles that corrupt the data that Cellebrite extracts in case you try it with the mobile “infected” by Signal. Something that leaves the integrity of the tool in doubt and that therefore Cellebrite is looking to solve as soon as possible.

Discovered vulnerabilities, contested cases

The effects of the Signal announcement have gone even further. Since the Cellebrite tool allows you to extract data from locked phones, it is often used by law enforcement agencies to extract data phone numbers of defendants that serve as evidence in court. Now, what happens when the tool is no longer trustworthy and neither is the data it extracts?

A defense attorney in Maryland (United States) has already decided to abide by the matter, has contested the conviction of one of his clients who was charged thanks to the use of evidence that Cellebrite found on your mobile device. He said he’s concerned that Cellebrite’s evidence weighed heavily in convicting his client now that the security flaws in the tool have been discovered.

As requested by the lawyer, “a new trial must be ordered so that the defense can examine the report produced by the Cellebrite device in light of this new evidence, and examine the Cellebrite device itself. “One of the claims that the CEO of Signal made is that the discovered exploits would allow a third party to tamper with the data that Cellebrite extracts from the devices it analyzes.This, for all practical purposes, means that the tool loses much of its credibility.

