CVE-2020-14474

Name of the Vulnerable Software and Affected Versions Cellebrite UFED physical device versions 5.0 through 7.5.0.845

Description The issue concerns the use of hardcoded key material within the executable code and encrypted files of the Cellebrite UFED physical device. This key material is the same for every device running the same version of the software and does not appear to change with new builds. As a result, it is possible to reconstruct the decryption process using this hardcoded key material, allowing for easy access to otherwise protected data.

Recommendations For versions 5.0 through 7.5.0.845, consider disabling the decryption process using the hardcoded key material until a patch is available. Restrict access to the encrypted files to minimize the risk of exploitation. Avoid relying on the key enveloping technique for data protection until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.