Signal’s Founder Hacked a Notorious Phone-Cracking Device

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.

This week, Apple’s spring product launch event was marred by a ransomware attack against one of its suppliers, Quanta Computer. The incident is notable because it involves Apple—and the release of confidential schematics—but also because it represents an intersection of multiple disturbing trends in digital extortion.

In other Apple-adjacent hacking news, Facebook researchers found that a Palestine-linked group had built custom malware to attack iOS, hidden inside a functional messaging app. Victims had to visit a third-party app store to install the malicious software, but the hackers used social engineering techniques to trick them into doing so. And speaking of Facebook, the social media giant has been implicated in yet another data exposure, this time the email addresses of millions of users who had set that information as “private” in their settings. This comes on the heels of a flaw that allowed the scraping of 500 million Facebook user phone numbers that came to light earlier this month.

We also took a look at a since-fixed bug in Clubhouse that would have allowed people to linger invisibly in rooms like ghosts and even to cause a racket, with the moderator unable to mute them or kick them out. 

And there’s more! Each week we round up all the news WIRED didn’t cover in depth. Click on the headlines to read the full stories. And stay safe out there.

In December, forensics company Cellebrite—which helps authorities break into and extract data from iPhones and Android devices—claimed it could access Signal app data. This was a little bit of misdirection; it hadn’t undermined Signal’s famously sturdy encryption but rather added support for file types Signal uses to its Physical Analyzer tool. The distinction matters quite a bit. Cellebrite could basically access Signal messages once it already had your phone in hand and unlocked it, which is going to be a risk with any encrypted messaging app.

Fast forward to this week, when Signal founder Moxie Marlinspike published a blog post that details his apparently successful efforts to hack a Cellebrite’s phone-cracking device. What he found: lots of vulnerabilities, to the extent that an app could compromise a Cellebrite…