Cellebrite is the Israeli company known for its Universal Forensic Extraction Device (UFED) "cracking machine" that allows law enforcement to break into a locked smartphone. Apple has been involved in a battle with Cellebrite and its rival Grayshift. The latter's GrayKey machine is also used to extract data from a handset. Every time Apple blocks these machines from working, the companies come up with something new.
Apple thought it had these machines licked when it introduced USB Restricted Mode in iOS 11.4.1. This prevents the Lightning port from doing anything but charge an iPhone if the device hasn't been unlocked within the last hour. But both Cellebrite and Grayshift returned Apple's volley, and by last June Cellebrite said that it could "perform a full file system extraction on any iOS device, or a physical extraction or full file system (File-Based Encryption) extraction on many high-end Android devices."
Plugged into an iPhone's Lightning port, these machines use technology that allows them to override the limit on the number of passcode attempts a user can make before the phone is automatically wiped of all data. That allows the cracking machines to use "brute force," trying every possible passcode combination to unlock a phone.
Private forensic examiner says the FBI's stated inability to crack open the Pensacola shooter's iPhones is "BS"
Earlier this month, when President Donald Trump and Attorney General William Barr attacked Apple for what they said was Apple's refusal to work with law enforcement (Apple refuted this argument a few days later), we told you about Cellebrite's amazing new technology that allows it to exploit a vulnerability called Checkm8. Thanks to this vulnerability, Cellebrite can access the A-series chipsets used by iPhone models from 2011-2017. Cellebrite's security research vice president Shahar Tal recently told clients that "For the first time ever, a wealth of previously untapped data sets from iOS devices can be leveraged to change the course of investigations. This update allows you to quickly perform a forensically sound temporary jailbreak and full file system extraction within one streamlined workflow."
A test conducted by the National Institute of Standards and Technology (NIST) found that both Cellebrite and Grayshift devices were able to extract nearly all of the data out of an iPhone 7, one of the two Apple handsets owned by Pensacola shooter Mohammed Saeed Alshamrani. For some reason, the FBI had asked Apple to unlock Alshamrani's iPhones, which the company refused. And that led President Trump to call out Apple by tweeting, "We are helping Apple all of the time on TRADE and so many other issues, and yet they refuse to unlock phones used by killers, drug dealers, and other violent criminal elements. They will have to step up to the plate and help our great Country." But a private digital forensic examiner named Jerry Grant, who is a Cellebrite customer, said, "This whole thing with the new terrorists and [the FBI] can’t get into their phones, that’s complete BS."
A new report from Vice (via Android Authority) says that Cellebrite's current UFED 4PC software can extract GPS data, call logs, messages, and contacts from an iPhone X and older models. It can partially extract data from apps like Twitter, LinkedIn, Instagram, Pinterest, and Snapchat but cannot collect email. However, as Vice points out, cloud-based email apps like Gmail can be opened by law enforcement if they have a valid warrant.
The interesting thing about the report is that it notes that the latest version of the Cellebrite software is not as successful at extracting data from Android devices. The Google Pixel 2 and Samsung Galaxy S9 would not allow the software access to GPS, social media or internet browsing. Messages and call logs could not be extracted from Verizon's Ellipsis 8 tablet and the Samsung Galaxy Tab S2 slate. Ironically, for all of the moaning from conspiracy theorists about the backdoors supposedly baked inside Huawei devices, no information at all could be extracted from the Huawei Mate 20 Pro.
Even law enforcement is noticing that Android handsets are getting harder to break into. Fort Worth Detective Rex Kiser, who works for the Fort Worth Police Department handling digital forensic examinations, told Motherboard, "Some of the newer operating systems are harder to get data from than others. I think a lot of these [phone] companies are just trying to make it harder for law enforcement to get data from these phones ... under the guise of consumer privacy. Right now, we’re getting into iPhones. A year ago we couldn’t get into iPhones, but we could get into all the Androids. Now we can’t get into a lot of the Androids."
Detective Kiser says that Cellebrite is the leading tool for most devices except for the iPhone. The GrayKey machine made by Grayshift was able to extract all data off of an iPhone X except for Pinterest, where a partial extraction was achieved.