
FloatingBones

macrumors 65816
Original poster
Jul 19, 2006
1,486
745
The company Cellebrite has just announced new software for their Mobile Forensics data-extraction widget.

Cellebrite Ltd, the leading provider of mobile forensic solutions, today announced the release of UFED Physical Analyzer, Version 2.0, a comprehensive software package update for its market-leading mobile forensic extraction device. With the latest iteration of UFED Physical Analyzer 2.0, law enforcement and intelligence agencies will possess a more robust and powerful tool for analyzing mobile phone data used to arrest, try and convict lawbreakers.
...
UFED Physical Analyzer 2.0 enables military, law enforcement, and intelligence agencies to easily extract deleted data, passwords, contacts, text messages, call logs, emails, GPS locations, web history, calendar entries and much more. New parsing capabilities such as iPhone Skype support, browser cookies, Wi-Fi and Cell Tower locations and more make it the most advanced end to end solution available to the mobile forensic community.

This page shows that their data-extraction device is compatible with iPhones, iPads, and the iPod Touch. These two articles (1 2) talk about Michigan's use of the devices with traffic stops. From the first article:

"Law enforcement officers are known, on occasion, to encourage citizens to cooperate if they have nothing to hide," ACLU staff attorney Mark P. Fancher wrote. "No less should be expected of law enforcement, and the Michigan State Police should be willing to assuage concerns that these powerful extraction devices are being used illegally by honoring our requests for cooperation and disclosure."

One wonders if the law enforcement officers would lend the Cellebrite device and their personal cell phones to the people they pull. After all, the law enforcement officers have nothing to hide, either.
 

scaredpoet

macrumors 604
Apr 6, 2007
6,627
342
One unanswered question is whether the "Wipe" function on an iOS device is thorough enough to prevent a Cellebrite UFED from retrieving any data. They do say that deleted call history and SMS CAN be retrieved, but that's well known: "deleting" isn't really deleting, and "wiping" is supposed to be a different, thorough removal of data from an iPhone.

And before anyone makes the "you shouldn't worry about this if you've got nothing to hide" argument, bear in mind that there are already known cases where police officers have decided to have a little fun with people's cell phones at their expense, in ways that had no bearing at all on their work:

http://www.stamfordadvocate.com/new...ce-officer-accused-of-sexting-with-846785.php


http://www.nbcwashington.com/news/local/Sexy-Cell-Phone-Pics-Get-Culpeper-Cops-in-Trouble.html
 

logandzwon

macrumors 6502a
Jan 9, 2007
574
2
One unanswered question is whether the "Wipe" function on an iOS device is thorough enough to prevent a Cellebrite UFED from retrieving any data. They do say that deleted call history and SMS CAN be retrieved, but that's well known: "deleting" isn't really deleting, and "wiping" is supposed to be a different, thorough removal of data from an iPhone.

And before anyone makes the "you shouldn't worry about this if you've got nothing to hide" argument, bear in mind that there are already known cases where police officers have decided to have a little fun with people's cell phones at their expense, in ways that had no bearing at all on their work:

http://www.stamfordadvocate.com/new...ce-officer-accused-of-sexting-with-846785.php


http://www.nbcwashington.com/news/local/Sexy-Cell-Phone-Pics-Get-Culpeper-Cops-in-Trouble.html

"wipe" only deleted a few things on the phone. Mainly, the AES keys (rendering anything encrypted gone for good). SMS are not encrypted. Pictures are not encrypted. I think by default the only thing encrypted is email.
 

elan123

macrumors 6502
Jan 26, 2011
259
0
"wipe" only deleted a few things on the phone. Mainly, the AES keys (rendering anything encrypted gone for good). SMS are not encrypted. Pictures are not encrypted. I think by default the only thing encrypted is email.
543.jpg

kinda scary...
 

old-wiz

macrumors G3
Mar 26, 2008
8,331
228
West Suburban Boston Ma
There's an interesting question as to whether or not this is constitutional for law enforcement to demand your cell phone info without a warrant or evidence of wrongdoing. "cooperate if you have nothing to hide" is still not an excuse in my opinion. Obviously you have to cooperate with a formal investigation, but "nothing to hide" is not a valid reason.
 

iApples

macrumors 65816
Mar 24, 2011
1,075
0
"wipe" only deleted a few things on the phone. Mainly, the AES keys (rendering anything encrypted gone for good). SMS are not encrypted. Pictures are not encrypted. I think by default the only thing encrypted is email.

Yup, but emails can also be traced through the host's server. So if you somehow manage to obtain the email (perhaps through SMS) then you'll be able to retrieve all emails also.
 

tommyo3000

macrumors newbie
Apr 20, 2011
1
0
Cellebrite, iPhones, Passcodes, and SIM PINs

OK, after researching UFED's website I came up with this info:

If the iPhone has a passcode lock on it, Cellebrite CANNOT read the information off of the phone. The police would need to access the computer on which the iPhone is synched to get some files to put on a USB drive and into their Cellebrite to unlock the iPhone.

Furthermore, the Cellebrite has a SIM card reader. If you go into your iPhone phone options, you can turn on the SIM PIN, which is a 4 digit PIN code that must be used when trying to access the SIM card. By default on the iPhone 4, the code is 1111. If you change it, the cops won't be able to read the SIM card.

F the police coming straight from the underground ;)
 


sjinsjca

macrumors 68020
Oct 30, 2008
2,238
555
Per http://www.cellebrite.com/images/stories/support files/Apple_iPhone_Passcode_Bypass_instructions.pdf the investigator must have physical possession of both the iPhone and the Mac or PC to which the phone has been synced, with an unencrypted backup. He must have user or admin access to the computer as well.

I suspect that if all the above is true, your iPhone is the least of your worries.

In any case, using a passcode lock and encrypting your iTunes backup (which requires a simple checkmark on iTunes' initial page for your iDevice) is sufficient to block this snooping. Downloading the entirety of the iDevice's internal storage is not yet possible but is promised as an upcoming feature, per http://www.cellebrite.com/images/stories/release-notes/release note-march-2-ROW-s.pdf
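
Added example, not part of the post above and not Cellebrite or Apple code: a self-audit that lists the iTunes backups on a computer and flags any that are not encrypted, since the post names an unencrypted backup as the precondition. It assumes the usual backup layout (one folder per device, each holding a `Manifest.plist` with an `IsEncrypted` flag and a `Lockdown` dictionary); the function names and the default path are choices made for this example.

```python
import plistlib
from pathlib import Path
from xml.parsers.expat import ExpatError

# Assumed default iTunes backup location on a Mac; pass another root elsewhere.
DEFAULT_ROOT = Path.home() / "Library/Application Support/MobileSync/Backup"

def audit_backups(root=DEFAULT_ROOT):
    """Return one dict per backup folder: folder name, device name, encrypted flag.

    encrypted is True/False as recorded in Manifest.plist, or None when the
    manifest is missing or unreadable (state unknown)."""
    root = Path(root)
    results = []
    if not root.is_dir():
        return results
    for folder in sorted(p for p in root.iterdir() if p.is_dir()):
        entry = {"backup": folder.name, "device": None, "encrypted": None}
        try:
            with (folder / "Manifest.plist").open("rb") as fh:
                data = plistlib.load(fh)
        except (OSError, ValueError, ExpatError):
            data = None
        if isinstance(data, dict):
            lockdown = data.get("Lockdown")
            if isinstance(lockdown, dict):
                entry["device"] = lockdown.get("DeviceName")
            # A manifest without the flag is treated as unencrypted.
            entry["encrypted"] = bool(data.get("IsEncrypted", False))
        results.append(entry)
    return results

def needs_attention(results):
    """Backups that are unencrypted or whose state could not be determined."""
    return [r["backup"] for r in results if r["encrypted"] is not True]

if __name__ == "__main__":
    labels = {True: "encrypted", False: "UNENCRYPTED", None: "unknown"}
    for r in audit_backups():
        print(f"{r['backup']}  {r['device'] or '?'}  {labels[r['encrypted']]}")
```
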
 

kidaquarius

macrumors member
Mar 9, 2011
66
0
Detroit
Flex your Rights.

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.


[delivered by an iPhone]
 