A defense attorney has asked a judge to grant their client a new trial after Moxie Marlinspike, the founder of popular encrypted messaging app Signal, found security issues with mobile phone forensics hardware made by Cellebrite. The case heavily used evidence collected by a Cellebrite device, according to the motion for a new trial obtained by Motherboard.
The news signifies continued fallout from Marlinspike’s disclosure, although it is unclear how successful of a legal strategy discussing the vulnerability will be.
Videos by VICE
“This Honorable Court should vacate said guilty find and order a new trial for the reasons contained in the instant motion,” the motion for a new trial, written by Ramon Rozas III, Esq., from law firm Rozas Law Office, reads. Rozas shared a copy of the motion with Motherboard.
Do you work for Cellebrite? Are you a Cellebrite customer? We’d love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on jfcox@jabber.ccc.de, or email joseph.cox@vice.com.
The motion revolves around a conviction of a robbery case in March, the motion reads. Rozas redacted the case number and name of the defendant from the copy of the motion shared with Motherboard.
“The Cellebrite evidence was heavily relied upon by the State in its argument, and was crucial to its case,” the motion reads.
“Since the trial, severe defects have been uncovered in the Cellebrite devices,” it adds, pointing to the findings from Signal.
According to Marlinspike, who published his findings in a blog post, issues he uncovered in Cellebrite devices allow an attacker to include malicious files in their phone that would then exploit a connected Cellebrite device and alter what kind of data the device could access. Potentially, this could bring up discussions around whether data collected by a Cellebrite device is forensically sound and suitable for a prosecution or not.
“In essence, internal security on Cellebrite devices is so poor that any device that is examined may in turn corrupt the Cellebrite devices and affect all past and future reports,” the motion reads.
The motion concludes saying that a new trial should be ordered so the defense can examine the report generated by the Cellebrite device and examine the hardware itself.
Cellebrite did not immediately respond to a request for comment. On Tuesday Motherboard reported that Cellebrite pushed an update to address a recently reported security vulnerability, with one source beleiving it related to the issue disclosed by Marlinspike.
Subscribe to our cybersecurity podcast CYBER, here.