Leaked Documents Reveal What Kind of Data Cellebrite Can Extract From iPhones

Discussion in 'Politics, Religion, Social Issues' started by MacRumors, Dec 22, 2016.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Israeli mobile software developer Cellebrite gained media attention earlier this year when rumors suggested the FBI recruited the company to unlock San Bernardino shooter Syed Farook's iPhone. While the FBI did not enlist Cellebrite's help, the company does have technology licensed by governments that can extract iPhone data. ZDNet has obtained documents that reveal the scope of this technology.


    The leaked files are "extraction reports," which are organized to allow investigators to easily see and analyze data from a phone. Extraction is conducted by plugging the phone into a Cellebrite UFED device. While the device is primarily for extracting information currently on the phone it can, in some cases, extract recently deleted items. The phone at the heart of ZDNet's extraction report was an non-passcode protected iPhone 5 running iOS 8.

    The first couple pages of the report include case numbers and unique identifying information for the device, including phone number, IMEI numbers and Apple ID. In these first pages, the report also divulges which plugins the software used to extract information from the device. These plugins can help the software extract data from QuickTime and iPhone backups.

    The report compiles geolocation data from every photo taken on the device and visualizes it on a map, allowing an investigator to easily see when and where a person was. Text messages are organized in chronological order, which makes it easier for investigators to track conversations. The wireless networks a device has connected to are also logged, including the MAC address of the router, encryption type and the time last connected to the network.

    Call log information includes whether the call is incoming or outgoing, the time, date, the other number on the call, and the duration of the call. Contacts, installed apps and user accounts on the device are also collected. Configurations and databases from apps, which include settings and cache data, are included in collection. Notes and voice mails are also extracted.

    Finally, Cellebrite's technology includes an analytics engine that can figure out how many actions have taken place per phone number. For instance, it can tell investigators how many calls and text messages have occurred with each contact.

    Cellebrite notes that its UFED device cannot crack passcodes on iPhone 4s and later. iPhone 5s and later come with a secure enclave co-processor that makes it even more difficult to crack for information. In November, Cellebrite signed a deal with the Indian government to provide technology to bypass locked iPhones.

    Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

    Article Link: Leaked Documents Reveal What Kind of Data Cellebrite Can Extract From iPhones
  2. SoN1NjA macrumors 68000


    Feb 3, 2016
    the pool
    "Cannot crack passcodes on iPhone 4s or later."

    So basically anyone not living under a rock can't be passcode cracked? Only their metadata stolen right?
  3. AngerDanger, Dec 22, 2016
    Last edited: Dec 23, 2016

    AngerDanger macrumors 68040


    Dec 9, 2008
    Gotta make sure you back up that QuickTime.
  4. now i see it macrumors 68030

    Jan 2, 2002
    Apple: "We take security very seriously"

    Cellebrite: "ha ha ha ha ha"
  5. Tubamajuba macrumors 68020

    Jun 8, 2011
    Done with MacRumors, the trolls have won
  6. Carlanga macrumors 604


    Nov 5, 2009
    Someone didn't read lol
  7. Shookster macrumors regular

    Feb 16, 2009
  8. DaIfoneboss macrumors regular

    Oct 6, 2011
    The document goes up to only iPhone 5 unprotected with no passcode on iOS 8....

    "The phone at the heart of ZDNet's extraction report was an non-passcode protected iPhone 5 running iOS 8."

    iOS 10.2 with a 64 bit iPhone/iPad (5S and up) are much more secure then this..32 bit iOS devices running on latest OS version are more vulnerable due to 64 bit being more secure..

    iOS active base currently is absolutely tons more secure then Android atm. over 75% of Android devices being used right now dont even have any FDE/FBE on(disk encryption)
  9. Powermax, Dec 22, 2016
    Last edited: Dec 22, 2016

    Powermax macrumors regular

    Aug 11, 2006
    Actually, all that information you see here is contained in an iTunes backup. All Cellebrite's software does is perform an iTunes backup and examined the included data. Basically you could do the same with some third party iTunes Backup tool. Their software just does it in a more advanced way tailored to law enforcement.

    Timeline just takes every event with a timestamp and puts in a chronological order. So for example you can see that the subject received a WhatsApp message at time X, had an outgoing call at X+1, did some web browsing at X+2 and so on.
  10. MH01 Suspended


    Feb 11, 2008
    This report should highlight just how much of your daily life is actually captured and stored.

    With the data there you can do interesting analysis
  11. coolfactor macrumors 68040

    Jul 29, 2002
    Vancouver, BC CANADA
    iPhones sure get a lot of headlines for this, yet I have yet to see a single one for an Android phone .... "FBI seeks Google's help to crack an Android" ... so I'm curious what the state of this is? Some distributions easy to crack, some more secure? I suspect that is the case.
  12. MH01 Suspended


    Feb 11, 2008
    A reconstruction of what you did that day based on time stamps for all the activities you performed or the phone captured .
    --- Post Merged, Dec 22, 2016 ---
    To be honest , personally as a iPhone user, I don't care. I'm more interested about my own privacy and not deflecting debates about the other guys problems.
  13. fs454 macrumors 68000

    Dec 7, 2007
    Los Angeles / Boston
    Crazy that this article and its source are so descriptive about the immense personal data they can harvest, but then in one tiny sentence at the end it says this all can only come from a phone older than a 5S and with no passcode set at all.

    What? Who cares then? Just have a phone newer than one that came out in 2012, or have a passcode and they can't get anything. Business as usual.
  14. Powermax macrumors regular

    Aug 11, 2006
    It varies for Android because it depends on the manufacturer. Some are pretty easy (hello Samsung), others are more difficult to get into. As of now, almost all Android phones are not fully encrypted, so there's pretty much always a way to extract data even if the process sometimes might be a little bit more... extensive. But this is currently changing as devices which come with Android 7 out of the box are encrypted which will be a challenge. iPhones have been fully encrypted for some time now and Android is getting to that level just now.
  15. Wowereit macrumors 6502a

    Feb 1, 2016
    Step 1: Use iPhone backup routine
    Step 2: include some password bypasses for older iOS versions
    Step 3: write in the fine print that it's useless for encrypted devices (which are probably over 80% of iPhones)
    Step 4: get millions from governments all over the world for useless crap

    Now you know where tax money is going
  16. Powermax macrumors regular

    Aug 11, 2006
    Funny ;) In reality it's way more complex than that.
  17. Superhai macrumors 6502


    Apr 21, 2010
    The fact that law firms do not take their IT security serious enough so that evidence with so thorough personal data are available to anyone, should be a strong argument for not allowing backdoors into encryption systems.
  18. Floris macrumors 68020


    Sep 7, 2007
    I came here with a different comment, but then I read that this is a discussion of political and/or religious nature, so that totally changed the tone for me. Sorry, i will refrain from posting then - I was focussed on it being about Apple. Sorry.
  19. macTW Suspended

    Oct 17, 2016
    So. Does not work on any iPhone past 4S. On top of that, one company can do this. One. How many times have other phones and other tech companies been compromised?
  20. saudade macrumors 6502


    Sep 8, 2015
    Ok im safe cuz i have and iPhone 7 Plus so poliz cant c my things
  21. Dagless macrumors Core


    Jan 18, 2005
    Fighting to stay in the EU
    I guess we'll see Apple release an update that includes a "do not perform an iTunes backup without entering passcode" or something similar.
  22. Powermax macrumors regular

    Aug 11, 2006
    That is already the case today. You'll need to unlock your iPhone first before you can perform a backup. Without unlocking the iPhone, you cannot confirm the "trust" dialog on the phone and therefore the device doesn't start a data connection with a new computer.

    The exception here, of course, is if it's your own computer and your iPhone has not been restarted.
  23. Carmenia83 macrumors 6502

    Feb 25, 2012
    Extracting data from an iPhone that has no passcode lock. Somebody get these guys a Nobel Prize.
  24. BvizioN macrumors 601


    Mar 16, 2012
    Manchester, UK
    You clearly did not read the article.
  25. EdT macrumors 65816


    Mar 11, 2007
    Omaha, NE
    Security is one of the reasons why I have stayed with Apple the last few years, despite what I feel is a misplaced priority of thinness over product features or battery life.

    It wouldn't surprise me that governments like the US, Russia, China, Israel and some others have cracked that security. They have access to the best people and crypto-technology and funding is not an issue. But if they share how to crack technology with other governments or businesses then 2 things will happen:

    1. Someone will leak that there is a way to crack security for a device and
    2. Someone will fix that security flaw.
    That's always been the case. Companies and countries have thought that their systems were secure but as long as people are an important link in the security chain a system can be hacked. Apple (apparently) is doing a much better job securing their system than any other company is doing currently for commercial non military devices.

Share This Page