Has anyone tried Cellebrite hacking into a Purism device?

Just watching a video on how they hacked into the incel that tried to assassinate DT. Apparently they did it via Cellebrite, the company which can exploit Apple / Android devices without sharing vulnerabilities.

It would be a cool experiment for someone acting anonymously or from Purism to make a request to break into one using their service to see if they can get access… as surely this is the highest level of being hacked / data being accessed in the world.

Thought I’d ask and see how the discussion goes

6 Likes

I don’t think you could afford it. I imagine Cellebrite is not a charity.

2 Likes

No idea what this costs, but if I spent what remains of my life savings on trying to ask a company like this to hack my Librem 5, and they say, “We tried but it was locked down,” what then?

If they sell to governments, it might be in their interest to profile me, determine that I’m a “paranoid person” and not a threat to society who needs to be hacked for “justice” [they use the term on their website], and therefore they might lie to me and say they cannot hack my phone. Whereas if a government official needed to hack my phone, maybe Cellebrite would be like, “Oh, hey, yeah we know how to hack into a Librem 5, here you go!”

As long as we are operating off of exploiting “without sharing vulnerabilities,” everything could be lies in every direction. They could tell me they cannot hack it, and then tell the people who want to hack me that they can.

3 Likes

As the Librem 5 is essentially a Linux computer, look instead for reports of law enforcement agencies being able to forensically retrieve data on properly secured/encrypted drives in Linux machines.

12 Likes

They would be able to clone drives using write blockers, but they would not be able to easily decrypt them.

2 Likes

Take your Librem 5 to a cracker’s convention. Announce a $500 reward to the first person to retrieve a file at a specific location in the file system in your librem 5. Just to be fair, leave either the cellular or the wifi turned on. Once every half hour or so, call from the Librem 5 to the loud speaker system. Taunt all of the hackers live, telling them that they can’t even get in when you give them this live voice datastream to follow. Don’t tell them the phone model name for the first few hours. If you go home without anyone winning the award, the Librem 5 passes the cracker test. After someone cracks in and wins the award, put the phone in lockdown mode and then offer that the next crack in wins $1K.

9 Likes

DEF CON 32 is coming up from August 8-11, so the idea could work. The “flag” file just needs to be only accessible under root, not an unprivileged account.

2 Likes

My guess is that a good cracker could find and get in to the Librem 5 relatively quickly. A slimmed-down version of Linux without any special counter-cracking measures implemented, should be an easy target to hit. I don’t think a person can even claim to be a cracker unless they can get past a root login without much difficulty.

I know a guy at work who claims to have an “ethical hacker” certification. It can’t keep you out of trouble if you’re breaking the law. But it can make your interaction with law enforcement less difficult if they find you with cracking tools in your posession.

3 Likes

You mean like, say: Our LUKS fde may not be enough anymore

As always though without more details you don’t really know what this tells us about LEA capabilities.

1 Like

I vaguely remember there was a presentation of Chaos Computer Club’s (CCC’s) Chaos Communication Congress (#c3, bad naming scheme for searching :roll_eyes:) a couple of years ago which. Part of the presentation was a Cellebrite device which “fell of the truck” into their hands. I wonder what the context was, Tor or something? I wasn’t able to find it quickly.

I doubt that the disk encryption is uncrackable under all circumstances, but I am not an expert on this. Anyway the disk is unencrypted when Linux is up and there are a couple of attack vectors like touch screen, USB, WLAN, Bluetooth etc… What about the serial console? What does it have access to on a running device and on boot before entering the disk encryption password?

1 Like

I was thinking that I would make fun of you - and call you a ChatGPT - for bringing United States politics into a discussion about computer security. But then I thought, by doing this, you have effectively hacked my Librem 5 and put words on my screen about United States politics without me asking for them.

So, insofar as hacking my L5, I suppose you have subjectively succeeded.

3 Likes

That dilutes hacking to the point of having no meaning as every person who had ever posted anything that someone didn’t ask for is now a hacker by that definition…

It also has no relation to Cellebrite, which is purpose built to attack iPhone and android devices.

Has someone plugged a librem 5 in and tried to use cellebrite against it? Maybe. But thats akin to asking if someone has tried using a disk detainer pick to pick open a combination lock safe. It’s the wrong tool for the job, that doesn’t give any information about the tool, nor any information about the security of the device being tested by the wrong tool.

4 Likes

Generally speaking, Purism is working toward several system hardening initiatives to maximize user privacy and security. This includes investigating certification/specification compliance through accredited sources and contracting penetration testing through Purism’s infosec network. This could eventually involve hosting a CTF hackathon, bug bounties, etc.

5 Likes

There’s an important distinction to be made.

  • the Librem 5 must be compromised remotely
    v
  • the Librem 5 can be compromised with physical access to the phone

The way I took @StevenR’s challenge was that it must be the former.

Looking at the latter …

If I hand you my phone, powered off, and tell you to retrieve a file at a specific path immediately (and assuming that that path is on the root file system) then it is not obviously easy that this can be achieved unless LUKS is brute forced (and assuming that you have correctly randomised the disk encryption master key, which many Librem 5 users will have failed to do). [So you would, in addition, want to have set the right argon parameters to make this a bit challenging and be using a long and strong LUKS passphrase.]

If I hand you my phone, powered off, leaving it with you for an hour, and tell you to retrieve a file at a specific path at some time in the future after giving me back my phone then, as it stands today, that would be straightforward.

3 Likes

Forgot I made that comment. Did I only post one word? I don’t remember.

1 Like

Not sure what I said, I don’t remember much of this weekend, other than being in severe pain.

1 Like

They’ve branched out, acquired a company called BlackBag Technologies, and can now target computer drives as well:

BlackBag Technologies, Inc.: In January 2020, Cellebrite announced the acquisition of BlackBag Technologies, Inc., a forensics company with a focus on computer forensics. The acquisition allowed Cellebrite to expand its digital intelligence solution offerings to include data collection tools from computers.

2 Likes

The URL needs History replaced with Subsidiaries.

3 Likes

Some interesting replies here.

So basically… who knows, but it’s likely they could be able to and if they could, we’d never really know.

Surely, in this world, it’s a matter of time before some switched on criminal perhaps does plot something awful and reprehensible and tries to use something like the L5 - I suppose only then we’d know if news coverage confirmed they were able to break into it.

I remember my dad saying to me years and years ago when the first Apple device ended up in court, belonged to some deceased criminal where many unanswered questions existed around the court case that followed. Apple were in the news for refusing to unlock it. He said to me we’d never know what the situation really is, Apple and the authorities could be putting these stories out there to maintain such an illusion that they’re tough against the Gov’s etc, whilst allowing it behind the scenes. And then he said, no matter how good encryption is, some authorities will just lock you up until you agree to provide a password / biometric login… Makes you wonder the point in all of these technologies and companies like Purism that do their best, only for nothing in the end :frowning:

3 Likes

I’ve seen enough serious Linux errors to think that it is certainly possible that vulnerabilities exist that are being hoarded by corporations or governments.

Sure, but I think this topic contemplates a technical solution, not an “administrative” solution or a rubberhose.

Anyone who uses biometrics gets what they deserve. Never going to be secure with current technology.

2 Likes