Leaked Docs Reveal How Much iPhone Data Cellebrite Can Extract Using Its Phone-Cracking Tech


Cellebrite, an Israeli firm, rose to fame earlier this year when it was wrongly rumored that the company was helping the FBI unlock the San Bernardino shooter's iPhone 5c. At that time, the FBI vs Apple legal battle on encryption was all over the news, which brought the company some attention too.

The security firm is an expert when it comes to cracking phones and accessing their data. While most of its work is largely secret, Cellebrite has a reputation for helping "good guys" get access to encrypted data.

The forensics company claims it has a UFED tool that is used by police departments around the world. The company takes the seized device from the police, plugs it in, and extracts everything using this proprietary technology. Cellebrite claims "it can download almost every shred of data from almost any device on behalf of police intelligence agencies in over a hundred countries."

Cellebrite then hands over an extraction report to investigators who can see where the target has been, who they were talking to, and everything else they may get from the stored logs.

What exactly does this iPhone cracking tool deliver?

ZDNet published a report earlier today, showing just how powerful Cellebrite's phone breaking technology is. "Earlier this year, we were sent a series of large, encrypted files purportedly belonging to a US police department as a result of a leak at a law firm, which was insecurely synchronizing its backup systems across the internet without a password," the publication said.

"Among the files was a series of phone dumps created by the police department with specialist equipment, which was created by Cellebrite," the report added.

The data that was received by ZDNet is from an unencrypted iPhone 5 running iOS 8. While there was no passcode set, the report confirms the breadth of data that the company can extract once it has broken the PIN (although the firm didn't need to go through that process in this particular case).

The extraction report includes data such as call logs, text messages, music, apps, deleted logs, and much more. Unlike regular data extraction tools, Cellebrite's UFED tech also retrieved configuration and database files, as well as some deleted content. The "extraction software records the geolocation of every photo that's been taken, and visualizes it on a map, allowing the investigator to see everywhere the phone owner has been and when," today's report said.

It is important to remember that even Cellebrite can't (yet) crack the passcodes on iPhone 5s and later devices thanks to Secure Enclave.