https://theferret.scot/reliability-of-police-mobile-phone-evidence-questioned-after-hack/ * The FerretThe Ferret * Login * Join us * Donate * Gift memberships * About us + Ferret Fact Service + Help and support + Recruitment + Privacy + Audio and Podcasts * Contact + Pitch us a story + Complaints * Shop * Training + Training events * Reset password The FerretThe Ferret * Subscribe * Donate Log In Username or Email Address [ ] Password [ ] [ ] Remember Me [Log In] --------------------------------------------------------------------- Join Now | Lost Password? Categories * Arms trade + Nuclear weapons * Crime and justice + Privacy and surveillance * Education * Environment + Fracking * Fact check * Finance + Employment * Health * International * Politics + Human rights * Society + Asylum + Housing Trending * [placeholde][Screenshot] More than 40 former Mark Fortune tenants demand action from authorities * Stuart Campbell, Wings Over ScotlandStuart Campbell, Wings Over Scotland Claims SNP funding 'paedophile charter' lobbying groups are FFS * Facebook graphicFacebook graphic 'Dark money' fears raised over anti-SNP Facebook adverts run by Unionists * [placeholde][iStock-804] FFS explains: The Scottish election system Weekly email The FerretThe Ferret [ ] The Latest Matt Hancock NHS spendingMatt Hancock NHS spending Claim SNP NHS spending pledge lower than England and block grant is Half True [placeholder-11][iStock-1250543] PS10,000 reward for information on illegal seal killing after police asked to investigate deaths ban the bomb poster nuclear weaponsban the bomb poster nuclear weapons Scots financial firms invested PS7bn in nuclear weapons wastewaste 30,000 tonnes of recycling waste 'goes up in smoke' * Scottish Government * SNP * Friends of the Earth Scotland * Nicola Sturgeon * Scottish Green Party * Freedom of Information * Mark Ruskell * Scottish Parliament * Scottish Environment Protection Agency * Police Scotland * Covid-19 * UK Government * Conservative Party * Ross Greer * Campaign Against Arms Trade * Fish farming * Brexit * Scottish Salmon Producers Organisation * Ministry of Defence * Richard Dixon Mobile phoneMobile phone Reliability of police mobile phone evidence questioned after hack byAlly Tibbitt April 24, 2021 87 SHARES ShareTweetSubscribe Sign-up for our free weekly email Your Email (required) [ ] [Yes! Sign me up.] Or become a member to get unlimited access, personalised email alerts, online training and more. You can join us for just 69p per week. [ ] The reliability of information gleaned from thousands of mobile phones analysed by Police Scotland could be called into question after analysis software it uses was apparently hacked. Police Scotland uses specialist forensic analysis technology provided by a company called Cellebrite to help analyse thousands of mobile phones each year. Cellebrite products help officers to gather data from mobile phones through 'kiosks'. These allow officers to connect to almost any kind of mobile phone to look at the texts, photos, videos, and other data on it. Tell us what we should write about nextTell us what we should write about next But now campaigners have called on Police Scotland to restrict the use of Cellebrite technology after new claims of serious security flaws in its software prompted an internal investigation. Cellebrite kioskCellebrite kioskCellebrite kiosk for mobile phone analysis The firm is popular with law enforcement agencies globally and boasts that its "physical analysers" can break the security protections provided by mobile phone manufacturers as well as encryption on hundreds of different apps that may be installed on them. In 2017, The Ferret published details of the process used by Police Scotland and the range of apps that Cellebrite claimed it could analyse at that time. The Israeli firm has been criticised in the past for selling its technology to regimes with poor human rights records. The technology has long been controversial in Scotland too. Police Scotland use of Cellebrite "kiosks" has been the focus of intense scrutiny. This included a probe by a Holyrood Committee, after it emerged the force had spent more than PS1m on Cellebrite equipment without fully considering the privacy or human rights implications of using it. Privacy fears as police access data from tens of thousands of mobile phones On 21 April 2021, Moxie Marlinspike, CEO of the non-profit organisation that develops the popular encrypted messaging app Signal , published a blog post where he claimed to have identified significant security failings in the Cellebrite software. He claimed: "It's possible to execute code that modifies not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way (inserting or removing text, email, photos, contacts, files, or any other data)." The coder concludes: "This could even be done at random, and would seriously call the data integrity of Cellebrite's reports into question." He also claimed that the security firm may be using copyrighted Apple software without permission, exposing their customers to further risk. Although the Cellebrite software flaws have not been independently verified, a Privacy International (PI) UK analyst has warned that there could be serious implications for any evidence gleaned from phones by law enforcement agencies using the Cellebrite technology. Analyst Ed Geraghty said: "Regardless of malice, given otherwise innocuous files are able to cause -- apparently arbitrary -- effects on Cellebrite's Physical Analyser, it can no longer be relied on to provide evidence fit for a Court of Law. "PI has raised repeated concerns about police use of Cellebrite's Physical Analyser, particularly the routine use of intrusive, untargeted 'mobile phone extraction kiosks' against victims and even witnesses of crimes." Police Scotland has sought to train hundreds of officers to use the Cellebrite kiosks in a bid to tackle a backlog of electronic devices that require forensic analysis. However rights groups have consistently raised concerns over the potential for intrusive digital searches to gather far more detail on people's lives than necessary. Heather Burns, policy manager at the Open Rights Group, sits on the Scottish Government's independent advisory group on emerging technologies in policing. She said: "The fact that these technologies are buggy and appear to disregard software licences of other vendors should concern the Police. It points to short cuts in product development. "We have asked Police Scotland through their advisory panel to explain what procuedures they have for assessing such software for security and reliability. "We appreciate the openness that Police Scotland is providing with their advisory panel and hope that this will be used to have an open dialogue about these concerns. "While we understand that Police Scotland do not use the technology evidentially, which is the biggest area of risk, other authorities do. Police Scotland should therefore not consider extending the use of this software while these issues are unresolved." A Police Scotland spokesperson said: "Police Scotland is liaising with Cellebrite and other partners to fully understand any implications this may have for the service and what mitigation measures, if any, are required." A spokesperson for Cellebrite said: "Cellebrite is one of the most trusted names in the industry having served the law enforcement community and private enterprise for more than 14 years. "We constantly strive to ensure that our products and software meet and exceed the highest standards in the industry so that all data produced with our tools is validated and forensically sound. "Cellebrite understands that research is the cornerstone of ensuring this validation, making sure that lawfully obtained digital evidence is utilized to pursue justice. "We will continue to integrate these standards in our products, software, and the Cellebrite team, in order to deliver the most effective, secure, and user friendly tools for our customers." Photo credit: iStock / ipopba More like this * Privacy fears as police access data from tens of thousands of mobile phones * Police criticised for million pound spend on mobile phone cracking tools * Rape victims billed hundreds of pounds for mobile phones seized by police * Prisoners outwit PS1.2m mobile phone blocking technology Good journalism changes things The Ferret was established in 2015 with a mission to publish fearless, high quality journalism. Since then thousands of people have joined us. We hope you will too. We're a cooperative with places reserved for both our writers and subscribers on the board. We're independently regulated, and work hard to keep our overheads down. This means that all the money we get from our subscribers is invested directly in original public interest news. We're avowedly non-partisan so we can treat everyone fairly. We don't publish click bait and we don't do favours for political parties or powerful vested interests. We do help to change things. Subscribe PS9 per month Or see your other subscription options. Got a story idea? Tell us what you'd like us to write about next and vote up the best ideas. 87 SHARES ShareTweetSubscribe Sign-up for our free weekly email Your Email (required) [ ] [Yes! Sign me up.] Or become a member to get unlimited access, personalised email alerts, online training and more. You can join us for just 69p per week. [ ] * Cellebrite * Encryption * Featured * Heather Burns * mobile phone * Moxie Marlinspike * Open Rights Group * Police Scotland * Privacy * Privacy International * Scottish Government * Scottish Parliament * Signal The FerretThe Ferret * About us * Contact * Pitch us a story * Privacy * Reset password * Complaints The Ferret is independently regulated by IMPRESS. The Ferret is published by The Ferret Media Ltd, Registered Society, RS0040088. Manage cookie consent [preloader] Hi! To read more you need to login. Not a member yet? Join our co-operative now to get unlimited access. See other membership options Log In Username or Email Address [ ] Password [ ] [ ] Remember Me [Log In] --------------------------------------------------------------------- Join Now | Lost Password? Join now (PS9 per month) You can join using Direct Debit, payment card or Paypal. Cancel at any time. If you are on a low-income you may be eligible for a free sponsored membership. Having trouble logging in? Try here. Log In Username or Email Address [ ] Password [ ] [ ] Remember Me [Log In] --------------------------------------------------------------------- Join Now | Lost Password? [preloader] Hi! To read more you need to login. Not a member yet? Join now [preloader] Hi! You can login using the form below. Not registered yet? Join now Log In Username or Email Address [ ] Password [ ] [ ] Remember Me [Log In] --------------------------------------------------------------------- Join Now | Lost Password? Having trouble logging in? Try here. 87 SHARES FacebookTwitterWhatsappSubscribe Sign-up for our free weekly email Your Email (required) [ ] [Yes! Sign me up.] Or become a member to get unlimited access, personalised email alerts, online training and more. You can join us for just 69p per week. [ ] Privacy notice We use cookies on our website that help us remember your preferences and provide the best multi-media service we possibly can. By clicking "Accept", you consent to allow all cookies. However you can adjust your Cookie Settings to disable non-essential cookies. Cookie settingsACCEPT Manage cookie consent Close Privacy Overview This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of the website. We also use some non-necessary cookies that help us analyse and understand how you use this website and optimise your experience when we use third party services. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies, although you should be aware that opting-out may increase the possibility that some services may not work or display optimally. Necessary [*] Necessary Always Enabled Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information. Non Necessary [ ] non-necessary Any cookies that may not vital for our website to function. By accepting this type of cookies you agree to let us record more information about you and your use of our website. Save & Accept