[MrManatee]

The article says that "it should be pretty straightforward for law enforcement to disprove an accusation about the Cellebrite machine", because they can perform the same extraction with another vendor's machine and compare the results.

But if some app actually decided to use this hack, then wouldn't it be likely that in addition to modifying the contents of the data dump it would also modify the on-device data? In that case it wouldn't matter if the other vendors have vulnerabilities, since the device itself was already compromised.

[batch12]

The most interesting version of this exploit (to me) would be one that wiped the device being examined.

Edit: changed disruptive to interesting. There could be many many more disruptive versions...

[Sephr]

Quite the 'aesthetically pleasing' side-effect for sure.

[tedunangst]

Tell it to the jury I guess. "Yes, of course there's evidence of a crime on my phone, but actually I put it there just to trick the police."

[MrManatee]

Or: "If there is any evidence of a crime on my phone, it was probably planted there by a version of Cellebrite that got infected with a virus when you scanned someone else's phone with it."

[PeterisP]

The sentence would be true iff your replace "probably" with "possibly". But - as the original article states - that's not sufficient. The defence may try to assert that this is the case, which may cause that possibilty to be investigated in more detail, but such a statement would not automatically disqualify the evidence without something more substantial, merely asserting that such a possibility exists isn't enough.

E.g. such a claim might result in a forensic analysis of that Cellebrite computer, and if the analysis indicates that it indeed got infected with a virus when scanning someone else's phone, that's likely cause all the evidence to be questioned, but again, even in that case there may be other ways than the Cellebrite logs to confirm that this evidence was indeed on your phone (the original article asserts this as well).