The FBI successfully unlocked the Samsung smartphone of the deceased Trump shooter within 40 minutes, thanks to the digital forensics tools vendor, Cellebrite.
The FBI had initially struggled to access the device for vital clues, prompting them to seek assistance from the well-known, albeit controversial, digital forensics company.
Cellebrite’s Expertise in Digital Forensics
According to reports in The Register, Cellebrite has a long-standing history of assisting law enforcement agencies in penetrating locked smartphones. However, the shooter’s device was newer, rendering the existing Cellebrite systems ineffective.
Unfazed, the law enforcement officials contacted Cellebrite’s support team, which promptly provided an updated version of its software.
According to a Bloomberg report, this unreleased software cracked the phone in 40 minutes. Manufacturers do not welcome the practice of cracking devices. They have consistently opposed government and law enforcement efforts to weaken device encryption.
Apple, for instance, famously clashed with the US Attorney General in early 2020, refusing to allow the FBI access to a mass shooter’s device.
Apple argued that creating a backdoor would inevitably lead to security vulnerabilities that malicious actors could exploit. “We have always maintained there is no such thing as a backdoor just for the good guys,” Apple stated in 2020.
Cellebrite’s Reliance on Vulnerabilities
With cooperation from smartphone manufacturers often denied, Cellebrite relies on zero-day exploits and undiscovered vulnerabilities to bypass security measures without vendor permission.
However, recent internal documents leaked from Cellebrite suggest that Apple users might have less to worry about. As of April 2024, Cellebrite was reportedly unable to access any Apple device running iOS 17.4 or later and most devices running iOS 17.1 to 17.3.1, except for the iPhone XR and 11.
While many newer iPhones remain secure, most Android devices, except for some Google Pixel models, are still vulnerable to Cellebrite’s tools.
The specific model of the Trump shooter’s Samsung device remains unclear. Still, the fact that pre-release Cellebrite software could crack it indicates that the privacy arms race between device manufacturers and digital forensics companies is far from over.
Critical Vulnerabilities of the Week: Oracle Update Time
In other cybersecurity news, Oracle has released a July security advisory containing 386 new security patches. Of these, around 90 have earned a CVSS score above 8.0, highlighting the urgency of users installing these updates promptly.
Additionally, several critical vulnerabilities have been identified under active exploitation this week:
- CVSS 9.8 – CVE-2024-34102: Certain versions of Adobe Commerce improperly restrict XML external entity references, allowing arbitrary code execution without user interaction.
- CVSS 9.8 – CVE-2024-36401: Some versions of OSGeo’s GeoServer allow multiple OGC requests that could lead to remote code execution by unauthenticated users.
- CVSS 6.5 – CVE-2022-22948: VMware vCenter Server has incorrect default file permissions, allowing a non-administrative user to access sensitive information.
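The first item above is an XML external entity (XXE) weakness: a parser that honours `<!DOCTYPE>`/`<!ENTITY>` declarations in user-supplied XML can be made to read local files or reach out to other hosts. The standard mitigation is to refuse any DTD in untrusted input before it reaches the application parser. The following is an added illustration of that check in Python, written for this page; it is not Adobe Commerce code and has nothing to do with how CVE-2024-34102 was fixed. The sample documents, including the `file:///placeholder/path` and `placeholder.invalid` identifiers, are constructed for the example.

```python
"""Refuse untrusted XML that carries a DTD or any entity declaration.

Two passes: a fast expat scan whose handlers abort on the first DOCTYPE,
entity declaration or external entity reference (nothing is resolved or
fetched), followed by the normal ElementTree parse only if the scan passed.
"""

import xml.parsers.expat as expat
import xml.etree.ElementTree as ET


class UnsafeXML(ValueError):
    """Raised when untrusted XML declares a DTD or an entity."""


def _check_no_dtd(data: bytes) -> None:
    """Abort as soon as the document tries to declare a DTD or entity."""
    parser = expat.ParserCreate()
    # Never process parameter entities (internal or external DTD subsets).
    parser.SetParamEntityParsing(expat.XML_PARAM_ENTITY_PARSING_NEVER)

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXML(f"DOCTYPE '{name}' is not allowed in untrusted XML")

    def on_entity_decl(name, is_param, value, base, sysid, pubid, notation):
        raise UnsafeXML(f"entity declaration '{name}' is not allowed")

    def on_external_ref(context, base, sysid, pubid):
        raise UnsafeXML(f"external entity reference to {sysid!r} blocked")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.EntityDeclHandler = on_entity_decl
    parser.ExternalEntityRefHandler = on_external_ref
    # Exceptions raised inside the handlers propagate out of Parse().
    parser.Parse(data, True)


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source, rejecting any DTD outright.

    Raises UnsafeXML for DTD/entity use and xml.parsers.expat.ExpatError
    for malformed input; the two cases are deliberately kept distinct so
    that detection logic can count attempted XXE separately from junk.
    """
    _check_no_dtd(data)
    return ET.fromstring(data)


def is_safe(data: bytes) -> bool:
    """True if the document contains no DTD or entity declaration."""
    try:
        _check_no_dtd(data)
    except UnsafeXML:
        return False
    return True


# Constructed sample inputs (not taken from any real incident).
BENIGN = b"<order><sku>ABC-123</sku><qty>2</qty></order>"

# Classic internal-subset XXE: the entity points at a placeholder path.
XXE_INTERNAL = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order [<!ENTITY xxe SYSTEM "file:///placeholder/path">]>'
    b"<order><sku>&xxe;</sku></order>"
)

# External DTD reference: also rejected, before anything is fetched.
XXE_EXTERNAL_DTD = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE order SYSTEM "http://placeholder.invalid/order.dtd">'
    b"<order><sku>ABC-123</sku></order>"
)


if __name__ == "__main__":
    for label, doc in (("benign", BENIGN),
                       ("xxe-internal", XXE_INTERNAL),
                       ("xxe-external-dtd", XXE_EXTERNAL_DTD)):
        print(f"{label:18s} safe={is_safe(doc)}")
    root = parse_untrusted_xml(BENIGN)
    print("parsed sku:", root.find("sku").text)
```

Rejecting the DTD entirely is stricter than switching individual parser features off, and it is the right default for formats like order or payment payloads that never legitimately need one; a blocked `UnsafeXML` is also a clean signal to log and alert on.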
Russia’s Less-Capable Hackers Get Sanctioned
The US government has sanctioned two cyber criminals associated with the “Cyber Army of Russia” (CARR). Yulia Vladimirovna Pankratova and Denis Olegovich Degtyarenko have been accused of leading and hacking for the CARR crew, which has targeted several critical infrastructure systems in the US since 2022.
Despite some success, the Treasury Department noted that CARR’s lack of technical sophistication has prevented significant damage to victims.
Analytics vendor Snowflake has come under scrutiny from Congress, with two Senators demanding an explanation for a series of easily preventable security breaches.
The Senators highlighted that the compromised Snowflake accounts were primarily the result of stolen and reused passwords and a failure to implement multifactor authentication.
Snowflake has been given until July 29 to provide a detailed explanation.
Security researcher Jeremiah Fowler has discovered an unsecured database containing nearly 150,000 COVID-19 screening records.
The records of on-site medical staffing firm InHouse Physicians included names and phone numbers, raising concerns about potential data misuse. InHouse Physicians has since shut down access to the database.
New APT41 Campaign Discovered
Google threat hunters have identified a new campaign by the Chinese threat actor APT41 targeting global shipping and logistics companies. The attacks aim to establish persistence and exfiltrate sensitive data.
Mandiant reported that the attackers use tools like SQLULDR2 and PINEGROVE to steal large volumes of data, which are then exfiltrated to OneDrive. Mandiant has provided indicators of compromise to help organizations defend against these attacks.
The rapid cracking of the Trump shooter’s Samsung device by Cellebrite underscores the ongoing battle between device manufacturers and digital forensics companies.
As manufacturers strive to enhance security, digital forensics tools continue to evolve, exploiting vulnerabilities to aid law enforcement.
This dynamic landscape highlights the critical importance of robust cybersecurity measures and the need for continuous vigilance.