Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Leaked Documents Reveal What Kind of Data Cellebrite Can Extract From iPhones

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
66,031
34,858



Israeli mobile software developer Cellebrite gained media attention earlier this year when rumors suggested the FBI recruited the company to unlock San Bernardino shooter Syed Farook's iPhone. While the FBI did not enlist Cellebrite's help, the company does have technology licensed by governments that can extract iPhone data. ZDNet has obtained documents that reveal the scope of this technology.

cellebrite-800x395.png

The leaked files are "extraction reports," which are organized to allow investigators to easily see and analyze data from a phone. Extraction is conducted by plugging the phone into a Cellebrite UFED device. While the device is primarily for extracting information currently on the phone it can, in some cases, extract recently deleted items. The phone at the heart of ZDNet's extraction report was an non-passcode protected iPhone 5 running iOS 8.

The first couple pages of the report include case numbers and unique identifying information for the device, including phone number, IMEI numbers and Apple ID. In these first pages, the report also divulges which plugins the software used to extract information from the device. These plugins can help the software extract data from QuickTime and iPhone backups.

The report compiles geolocation data from every photo taken on the device and visualizes it on a map, allowing an investigator to easily see when and where a person was. Text messages are organized in chronological order, which makes it easier for investigators to track conversations. The wireless networks a device has connected to are also logged, including the MAC address of the router, encryption type and the time last connected to the network.

Call log information includes whether the call is incoming or outgoing, the time, date, the other number on the call, and the duration of the call. Contacts, installed apps and user accounts on the device are also collected. Configurations and databases from apps, which include settings and cache data, are included in collection. Notes and voice mails are also extracted.

Finally, Cellebrite's technology includes an analytics engine that can figure out how many actions have taken place per phone number. For instance, it can tell investigators how many calls and text messages have occurred with each contact.

Cellebrite notes that its UFED device cannot crack passcodes on iPhone 4s and later. iPhone 5s and later come with a secure enclave co-processor that makes it even more difficult to crack for information. In November, Cellebrite signed a deal with the Indian government to provide technology to bypass locked iPhones.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Leaked Documents Reveal What Kind of Data Cellebrite Can Extract From iPhones
 
Article Link
https://www.macrumors.com/2016/12/23/leaked-documents-cellebrite-extraction-data/
  • Like
Reactions: ismail457
The document goes up to only iPhone 5 unprotected with no passcode on iOS 8....

"The phone at the heart of ZDNet's extraction report was an non-passcode protected iPhone 5 running iOS 8."

iOS 10.2 with a 64 bit iPhone/iPad (5S and up) are much more secure then this..32 bit iOS devices running on latest OS version are more vulnerable due to 64 bit being more secure..

iOS active base currently is absolutely tons more secure then Android atm. over 75% of Android devices being used right now dont even have any FDE/FBE on(disk encryption)
 
  • Like
Reactions: Eraserhead
Actually, all that information you see here is contained in an iTunes backup. All Cellebrite's software does is perform an iTunes backup and examined the included data. Basically you could do the same with some third party iTunes Backup tool. Their software just does it in a more advanced way tailored to law enforcement.

Timeline just takes every event with a timestamp and puts in a chronological order. So for example you can see that the subject received a WhatsApp message at time X, had an outgoing call at X+1, did some web browsing at X+2 and so on.
 
Last edited:
  • Like
Reactions: Wondercow, dmi and MR-LIZARD
This report should highlight just how much of your daily life is actually captured and stored.

With the data there you can do interesting analysis
 
iPhones sure get a lot of headlines for this, yet I have yet to see a single one for an Android phone .... "FBI seeks Google's help to crack an Android" ... so I'm curious what the state of this is? Some distributions easy to crack, some more secure? I suspect that is the case.
 
Shookster said:
What does Timeline refer to?
Click to expand...
A reconstruction of what you did that day based on time stamps for all the activities you performed or the phone captured .
[doublepost=1482475377][/doublepost]
coolfactor said:
iPhones sure get a lot of headlines for this, yet I have yet to see a single one for an Android phone .... "FBI seeks Google's help to crack an Android" ... so I'm curious what the state of this is? Some distributions easy to crack, some more secure? I suspect that is the case.
Click to expand...

To be honest , personally as a iPhone user, I don't care. I'm more interested about my own privacy and not deflecting debates about the other guys problems.
 
Crazy that this article and its source are so descriptive about the immense personal data they can harvest, but then in one tiny sentence at the end it says this all can only come from a phone older than a 5S and with no passcode set at all.

What? Who cares then? Just have a phone newer than one that came out in 2012, or have a passcode and they can't get anything. Business as usual.
 
  • Like
Reactions: vmistery, centauratlas, t1meless1nf1n1t and 2 others
coolfactor said:
iPhones sure get a lot of headlines for this, yet I have yet to see a single one for an Android phone .... "FBI seeks Google's help to crack an Android" ... so I'm curious what the state of this is? Some distributions easy to crack, some more secure? I suspect that is the case.
Click to expand...
It varies for Android because it depends on the manufacturer. Some are pretty easy (hello Samsung), others are more difficult to get into. As of now, almost all Android phones are not fully encrypted, so there's pretty much always a way to extract data even if the process sometimes might be a little bit more... extensive. But this is currently changing as devices which come with Android 7 out of the box are encrypted which will be a challenge. iPhones have been fully encrypted for some time now and Android is getting to that level just now.
 
Powermax said:
Actually, all that information you see here is contained in an iTunes backup. All Cellebrite's software does is perform an iTunes backup and examined the included data. Basically you could do the same with some third party iTunes Backup tool. Their software just does it in a more advanced way tailored to law enforcement.

Timeline just takes every event with a timestamp and puts in a chronological order. So for example you can see that the subject received a WhatsApp message at time X, had an outgoing call at X+1, did some web browsing at X+2 and so on.
Click to expand...

Step 1: Use iPhone backup routine
Step 2: include some password bypasses for older iOS versions
Step 3: write in the fine print that it's useless for encrypted devices (which are probably over 80% of iPhones)
Step 4: get millions from governments all over the world for useless crap

Now you know where tax money is going
 
  • Like
Reactions: Huck
I came here with a different comment, but then I read that this is a discussion of political and/or religious nature, so that totally changed the tone for me. Sorry, i will refrain from posting then - I was focussed on it being about Apple. Sorry.
 
  • Like
Reactions: Huck
I guess we'll see Apple release an update that includes a "do not perform an iTunes backup without entering passcode" or something similar.
 
That is already the case today. You'll need to unlock your iPhone first before you can perform a backup. Without unlocking the iPhone, you cannot confirm the "trust" dialog on the phone and therefore the device doesn't start a data connection with a new computer.

The exception here, of course, is if it's your own computer and your iPhone has not been restarted.
 
  • Like
Reactions: myscrnnm and centauratlas
Security is one of the reasons why I have stayed with Apple the last few years, despite what I feel is a misplaced priority of thinness over product features or battery life.

It wouldn't surprise me that governments like the US, Russia, China, Israel and some others have cracked that security. They have access to the best people and crypto-technology and funding is not an issue. But if they share how to crack technology with other governments or businesses then 2 things will happen:

  1. Someone will leak that there is a way to crack security for a device and
  2. Someone will fix that security flaw.
That's always been the case. Companies and countries have thought that their systems were secure but as long as people are an important link in the security chain a system can be hacked. Apple (apparently) is doing a much better job securing their system than any other company is doing currently for commercial non military devices.
 
  • Like
Reactions: Eraserhead
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back