[Image: Cellebrite UFED data dump main page]

Documents uncovered by ZDNet have revealed the true scope of technology from Israeli developer Cellebrite Mobile Synchronization, which specializes in smartphone data extraction, transfer and analysis.

The leaked documents show just how much private data its smartphone forensic tool UFED, used by law enforcement, is capable of extracting from iPhones.

In a single data-extraction session, investigators were able to collect a huge array of personal data from an iPhone 5, such as messages, phone calls, voicemails, images and more, including some deleted content. UFED can pull similar data from other phones, too, including the Wi-Fi hotspots and cellular towers the device was connected to.

The image at the top of the post shows the tool’s extraction report for an iPhone 5 running iOS 8.

After plugging the device into a machine running the tool, the officer was able to perform a logical extraction, which downloads what’s in the phone’s memory at the time.

Here’s some of the extracted data:

  • Mobile phone number
  • Registered Apple ID
  • iPhone’s IMEI number
  • Joined Wi-Fi networks
  • Database files
  • Call logs
  • Voicemails
  • User accounts in apps
  • Text messages
  • Music files
  • Notes
  • Calendars and contacts
  • Geolocation from photos
  • Installed apps
  • .plist configuration files
  • Settings and cached data
  • Web bookmarks and cookies

The software can also cross-reference data from the device to build up profiles across contacts, SMS and other communications. As mentioned earlier, UFED even extracted some content that had been deleted from the device, like deleted messages and photos.

[Image: Cellebrite UFED data dump locations]
Cellebrite’s tool captures the geolocation of every photo that’s been taken.

It’s important to note that the phone’s owner didn’t set up a passcode, which has left the device entirely unencrypted and more vulnerable to Cellebrite’s hacking tool.

With that in mind, had the iPhone 5 in question been protected with a passcode, the data on the phone would have been fully encrypted and iOS would have deleted everything on the device after ten failed attempts to guess the passcode.

The FBI reportedly paid Cellebrite $1.3 million for UFED and apparently used it to bypass iOS’s passcode delay and automatic wipe features on the San Bernardino shooter’s iPhone 5c. Apple, naturally, wanted to learn about the exploits Cellebrite’s tool uses, but the FBI wasn’t interested in sharing that information.

[Image: Cellebrite UFED data dump call logs]

Cellebrite alluded in April that it might be able to bypass the passcode protection on the iPhone 6 series, but wouldn’t comment beyond that vague statement. The FBI later said Cellebrite’s forensic tools do not work on iPhone 5s and newer, and Cellebrite itself has said that it’s indeed unable to crack the passcodes on iPhone 4s and later.

[Image: Cellebrite UFED data dump messages timeline]
Investigators can see Messages content sorted chronologically.

One possible reason for that: Apple-designed processors that power iPhone 5s and newer phones feature an embedded Secure Enclave crypto-engine with its own encrypted memory and other hardware-based features aimed at strengthening security.

The Economic Times reported last month that India’s premier forensic institute, called The Forensic Science Laboratory, was buying Cellebrite’s technology to help its law enforcement agencies bypass locked iPhones.

A subsidiary of Japan’s Sun Corporation, Cellebrite was founded in 1996.

Source: ZDNet

  • ListenUpGuys

    Looks perfect for data migration. Where can I get it? 😉

    • Tell It like it is

      Go to your local Apple Store they use CelleBrite just for that purpose

      • Bugs Bunnay

        listen up guys! tell it like it is!

  • Bugs Bunnay

    I don’t suppose anyone here knows about stingray towers? Oh you know. Those cell towers that look like trees. Yeah. This stuff runs deep. No plugging in needed.

    • Timothy

      Do you have any idea what you’re talking about? It sure doesn’t seem like it…

      • YaBoyLilMayo

        He kinda does I think ur the one who’s confused

      • Hunter Matula

        Yah man google/YouTube, carefully, IMSI Catcher… didn’t Snowden teach you anything? For the love of God, and not their “God”, I’m giving reference to the all seeing Flying Spaghetti Monster!

        I mean really, is there any wonder why everything is as &$’.! Up as it is?..

      • Bugs Bunnay

        nope. I was just making it up to act like I know stuff. i’d like to hear from you what all these cell towers that look like trees are all about. i’m just a simple average joe who drinks fluoridated water, eat gmo food, and get my daily mind conditioning from the mainstream media just like everyone else. i’m so ready to take some information from you.

      • Timothy

        They’re just cell towers. The companies try and fail to make them blend in with their surroundings. No need for all the sass.

      • Bugs Bunnay

        lol thanks bud. i’ll lower my sassiness next time xD

      • nova12

        Yup, this. There is one at my son’s middle school. Residents raised a huge stink when the tower was proposed, because they didn’t want to look at a cell tower in their backyards. So they just made it look like a tree to placate the residents. That’s all.

    • YaBoyLilMayo

      Stingrays aren’t towers they go on the roof of cop cars bruh

      • Bugs Bunnay

        ohrly?! well I guess i’m sorry then bruh bruh. fyi “stingray” is just a name used by many… even Wikipedia has info on this. please search a little more and enlighten yourself.

      • YaBoyLilMayo

        Lol no it’s not just a name used by many, hold this L bruh bruh

      • Bugs Bunnay

        you provided me with no source. ok bruh you win.

  • jOn Garrett

    It’s funny that people believe that iPhones (or any other phone) are invincible. Anything electronic is accessible.

    The people most likely to have their data accessed are people who think it can’t be.