CVE-2020-11723 : Security Advisory and Response

Cellebrite UFED 5.0 through 7.29 uses hardcoded RSA private keys to authenticate to the ADB daemon on target devices, potentially allowing unauthorized access.

Understanding CVE-2020-11723

Cellebrite UFED versions 5.0 through 7.29 are affected by a vulnerability that involves the use of hardcoded RSA private keys for authentication.

What is CVE-2020-11723?

This CVE refers to the use of four hardcoded RSA private keys in Cellebrite UFED versions 5.0 through 7.29 to authenticate to the ADB daemon on target devices. These keys can be extracted and misused to place evidence on target devices during forensic extractions.

The Impact of CVE-2020-11723

The exploitation of this vulnerability could lead to unauthorized access to target devices, potentially compromising the integrity of forensic extractions and the security of sensitive data.

Technical Details of CVE-2020-11723

Cellebrite UFED 5.0 through 7.29 vulnerability details:

Vulnerability Description

Cellebrite UFED versions 5.0 through 7.29 use four hardcoded RSA private keys for ADB daemon authentication.

Affected Systems and Versions

Product: Cellebrite UFED
Vendor: Cellebrite
Versions affected: 5.0 through 7.29

Exploitation Mechanism

Attackers can extract the hardcoded RSA private keys from Cellebrite UFED to gain unauthorized access to target devices.

Mitigation and Prevention

Steps to address CVE-2020-11723:

Immediate Steps to Take

Update Cellebrite UFED to a patched version that removes the hardcoded RSA private keys.
Monitor for any unauthorized access or suspicious activities on target devices.

Long-Term Security Practices

Implement regular security audits and assessments to identify and address vulnerabilities promptly.
Train forensic examiners on secure practices to mitigate risks during extractions.

Patching and Updates

Apply patches and updates provided by Cellebrite to eliminate the use of hardcoded RSA private keys for authentication.