Leaked documents show breadth of iPhone data accessible by Cellebrite forensic tool

Posted in iPhone, edited December 2016
Thanks to the recent encryption debate, many smartphone owners are keenly aware of the personal data stored on their iPhone, from contacts to calendar entries to photo metadata and more. Newly leaked documents relating to Israeli digital forensics firm Cellebrite demonstrate how much of that information is available to law enforcement agencies, at least when a device is left unencrypted.


Source: ZDNet


Cellebrite is one of a number of firms specializing in cellphone cracking technology, or more specifically mobile device intrusion and data retrieval software and hardware. The company claims its UFED tool can bypass passcode locks and extract and decode almost all data from hundreds of smartphone and tablet models, including Apple hardware.

The capabilities of platforms like UFED are known but not widely discussed beyond certain circles. As revealed by ZDNet on Thursday, however, a series of extraction reports from an iPhone 5 running iOS 8 shows how much data can be gleaned from an unprotected handset, and subsequently the value of strong device encryption.

While not a definitive catalog of forensics capabilities available to law enforcement agencies, or customers willing to pay for services from Cellebrite and others, the leaked files reveal successful transfers of basic system information, calendar entries, voicemail messages, call logs, cookies, locations, notes and much more.

The publication notes the tool was even able to retrieve files a user recently deleted, though as anyone familiar with digital storage knows, "deleting" a file does not necessarily erase it from a hard drive or flash memory.

Most of the information extracted by Cellebrite's tool can also be downloaded by verified users through common software, including Apple's iTunes, but accessing data like configuration and database files requires a more involved procedure.

Law enforcement agencies have for years used UFED systems to extract mission-critical data related to ongoing investigations. Notably, Cellebrite was at one time rumored to have assisted the Federal Bureau of Investigation in bypassing the lock on an iPhone 5c used by San Bernardino terrorist Syed Farook, though later reports suggested the agency actually purchased a zero-day exploit from gray hat hackers.

More recently, Cellebrite reportedly struck a deal with the Indian government to provide law enforcement officials in that country the tools to access a wide variety of devices.

It's worth reiterating that the target iPhone featured in ZDNet's report was not protected by a passcode, meaning any and all present data was left unencrypted.

After taking initial steps toward protecting customers with Activation Lock in iOS 7, Apple enabled end-to-end data encryption in iOS 8. The company later introduced extremely sophisticated hardware-based safeguards with the Secure Enclave coprocessor and Touch ID in iPhone 5s. Cellebrite itself notes its UFED system is unable to crack passwords on iPhone 4S and above.

The latest iPhone and iPad hardware build on those early technologies to stay one step ahead of hackers and, controversially, the government. That being said, even the best methods can't protect users who refuse to passcode lock their device.

Comments

  • Reply 1 of 11
    I am having trouble understanding the point of the article. If something is unencrypted and not password protected, Cellebrite can apparently get at it. So can anyone?

    For a typical post-5S user who password protects their phone, can Cellebrite do anything? If so, why not say so? If not, what's the big deal with Cellebrite that's worthy of a laudatory article!?
    edited December 2016
  • Reply 2 of 11

    It's worth reiterating that the target iPhone featured in ZDNet's report was not protected by a passcode, meaning any and all present data was left unencrypted.



    Technically, all the data was still very much encrypted. It's useful to guarantee a secure device wipe. It also means you don't have to reencrypt everything if you ever decide to enable or change the passcode.

    However, the master encryption key is directly accessible when there's no passcode enabled. (And since there's no passcode, you can easily gain access to iOS' backup service to grab data off the device if the owner hadn't previously enabled encrypted backups in iTunes)
    edited December 2016
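
A simplified model of the key hierarchy described in Reply 2, added here as an illustration; it is not part of any commenter's post and is not Apple's implementation. The `Device` class, the toy XOR-plus-HMAC key wrap and the sample passcode are constructed for this example.

```python
import hashlib
import hmac
import os

def derive_kek(uid, passcode, salt):
    # Wrapping key: passcode entangled with a device-held secret (empty passcode = uid only).
    return hashlib.pbkdf2_hmac("sha256", uid + passcode, salt, 20_000)

def _mac(kek, label, data=b""):
    return hmac.new(kek, label + data, hashlib.sha256).digest()

def wrap(kek, key):
    # Toy key wrap (XOR pad plus integrity tag), standing in for a real AES key wrap.
    body = bytes(a ^ b for a, b in zip(key, _mac(kek, b"pad")))
    return body + _mac(kek, b"tag", body)

def unwrap(kek, blob):
    body, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, _mac(kek, b"tag", body)):
        return None  # wrong passcode: the data key stays sealed
    return bytes(a ^ b for a, b in zip(body, _mac(kek, b"pad")))

class Device:
    def __init__(self, passcode=b""):
        self.uid = os.urandom(32)   # constructed stand-in for a hardware-bound key
        self.salt = os.urandom(16)
        self.wrapped = wrap(derive_kek(self.uid, passcode, self.salt), os.urandom(32))

    def unlock(self, passcode=b""):
        kek = derive_kek(self.uid, passcode, self.salt)
        return unwrap(kek, self.wrapped) if self.wrapped else None

    def set_passcode(self, old, new):
        key = self.unlock(old)
        if key is not None:  # re-wrap the same data key; stored data is not re-encrypted
            self.wrapped = wrap(derive_kek(self.uid, new, self.salt), key)
        return key is not None

    def wipe(self):
        self.wrapped = None  # destroying the wrapped key makes the ciphertext unreadable

def demo():
    phone = Device()       # no passcode: data is encrypted, but unlocking needs no secret
    key = phone.unlock()
    changed = phone.set_passcode(b"", b"493817")
    out = {"open_without_secret": key is not None, "passcode_set": changed,
           "empty_guess_fails": phone.unlock() is None,
           "same_key_after_change": phone.unlock(b"493817") == key}
    phone.wipe()
    out["unrecoverable_after_wipe"] = phone.unlock(b"493817") is None
    return out
```
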
  • Reply 3 of 11
    It's worth reiterating that the target iPhone featured in ZDNet's report was not protected by a passcode, meaning any and all present data was left unencrypted.

    So... they just turned it on and opened Messages app, Calendar app, Mail app etc. Can't anyone do this?
  • Reply 4 of 11
    Soli Posts: 8,977 member
    Rosyna said:

    It's worth reiterating that the target iPhone featured in ZDNet's report was not protected by a passcode, meaning any and all present data was left unencrypted.


    And since there's no passcode, you can easily gain access to iOS' backup service to grab data off the device if the owner hadn't previously enabled encrypted backups in iTunes)
    Wouldn't the iOS backup service still require your iCloud account or your iTunes backup which can be both protected by your user account password, a backup password, and encryption for both the OS and the backup?
  • Reply 5 of 11
    gtr Posts: 3,231 member
    This is bullsh*t.

    I'm switching to Android.
  • Reply 6 of 11
    Well,,, DUHHHH,,, the phone was NOT password protected, so that means it's wide open! Another meaningless article for the sake of getting someone's crap in print!
  • Reply 7 of 11
    To date, most of this high level security debate was academic for most Americans...

    But now that we see our law enforcement/FBI and political leaders shift from investigating and attacking American enemies to their political enemies, it suddenly becomes much more relevant.
  • Reply 8 of 11
    Swipe to unlock, baby!

    No passcode means it's wide open. Why demonstrate a tool that can't do anything more than what a simple set of finger gestures can do? 

    What I'd like to know is how easy it is to crack into the average Android device... they're "more open," after all. 
  • Reply 9 of 11
    Swipe to unlock, baby!

    No passcode means it's wide open. Why demonstrate a tool that can't do anything more than what a simple set of finger gestures can do? 

    What I'd like to know is how easy it is to crack into the average Android device... they're "more open," after all. 
    The tool can exploit vulnerabilities in many devices to remove unlock passwords and obtain the data.  For some Android devices that it can't simply unlock and that are not configured to wipe after guesses, you can pair it with a camera and it will brute force the password.  It sends the guesses over the cable and uses the camera to determine when it is successful.  It can also do a great deal of analysis of the data and also packages the data in a format that other tools can import. Just the dongles might be worth the price for some folks.  It comes with a sort of little suitcase full of cables and adapters for practically every phone and a kit for cloning SIM cards.
  • Reply 10 of 11
    boredumb Posts: 1,415 member
    To date, most of this high level security debate was academic for most Americans...

    But now that we see our law enforcement/FBI and political leaders shift from investigating and attacking American enemies to their political enemies, it suddenly becomes much more relevant.
    So...I guess it's a good thing for us we weren't using iPhones in Nixon's day?
  • Reply 11 of 11
    Cellebrite reportedly struck a deal with the Indian government to provide law enforcement officials in that country the tools to access a wide variety of devices.

    This is why I'll never use an Android or other phone in India. The Indian government wants a "digital society" so that it can more easily spy on its citizens, to make sure they're not engaging in "anti-national" speech or activities, but they have absolutely ZERO concern for people's privacy and security.

