[twojacobtwo]

Does anyone know how much of a black box these cellebrite (or competitor) systems are?

Like if we could get some into the hands of the best reverse engineers in software and hardware, how difficult might it be to figure out the methods by which they gain access (aside from standard brute force and the like)? Are these unreleased zero day software exploits? Or something that anyone with enough knowledge of of the hardware system could implement with say a few million dollars and a small team of capable people? How are updates delivered? Do we know that the devices don't provide remote access to the vendor themselves?

[hollow-moe]

A french youtuber got their hands on one and they say the device itself isn't protected at all ! https://www.youtube.com/watch?v=lVx5auDj7Hs

[aesh2Xa1]

Signal reported on their access in 2021 as well:

https://signal.org/blog/cellebrite-vulnerabilities/

https://cyberlaw.stanford.edu/blog/2021/05/i-have-lot-say-ab...

[rasz]

Got his hands on one and all he could muster is a talking head video?

[worthless-trash]

I don't imagine they are super hard, if they require wifi or usb or JTAG access, you can just dump it and figure out what it is doing, its not going to be any harder than reversing any other explotiation technique.

There would be thousands, if not tens of thousands of people in the world who can do it. Its much harder to create the exploit than to reverse it.

[rasz]

Older system:

Cellebrite UFED Cellphone Forensic Extraction Device Teardown https://www.youtube.com/watch?v=7LLGGCXH9MQ

UFED - its right in the name :] Video has little demonstration with older phones, one click bypass for all passcodes.