Cellebrite UFED

Cellebrite UFED device for extracting forensic information from mobile devices
Website: cellebrite.com/en/ufed-ultimate/

The UFED (Universal Forensics Extraction Device) is a product series of the Israeli company Cellebrite, which is used for the extraction and analysis of data from mobile devices by law enforcement agencies. [1]

History

In 2019, Cellebrite announced a new version of the UFED, called the UFED Premium. The company claimed that it can unlock iOS devices including those running iOS 12.3 and Android phones such as the Galaxy S9. [2]

Cellebrite does not allow the resale of their products. The original list price of the product is around US$6000, but they have been sold on eBay for around US$100. Some devices that were resold still contained data about criminal investigations. [3]

In 2021, Moxie Marlinspike, creator of the encrypted messaging app Signal, released a blog post on the app's website detailing a number of vulnerabilities in Cellebrite's UFED and Physical Analyzer software that allowed for arbitrary code execution on Windows computers running the software. One exploit he detailed involved the UFED scanning a specially formatted file which could then be used to execute arbitrary code on the computer running the UFED. Marlinspike wrote that the code could then "[modify] not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way". [4]

Marlinspike also found that Cellebrite software was bundled with out-of-date FFmpeg DLL files from 2012, which lacked over 100 subsequent security updates. Windows Installer packages, extracted from the Windows installer for iTunes and signed by Apple, were also found, which he said raised legal concerns. [5]

Cellebrite issued a statement in response, saying the company "is committed to protecting the integrity of our customers’ data, and we continually audit and update our software in order to equip our customers with the best digital intelligence solutions available." [6] The report by Signal followed an announcement by Cellebrite in 2020 that it had developed technology to crack encrypted messages in the Signal app, a claim the company later retracted and downplayed. [7] [8]

The announcement by Marlinspike raised questions about the integrity of data extracted by the software, [9] [10] and prompted Cellebrite to patch some of the vulnerabilities found by Signal and to remove full support for analyzing iPhones. [11] [12]

Products

Cellebrite sells various products in the UFED series: [13]

Features

On the UFED Touch, it is possible to select extraction of data and choose from a wide list of vendors. After the data extraction is done, it is possible to analyze the data in the Physical Analyzer application. [14]

The Cellebrite UFED Physical Analyzer supports the following features: [14]


References

  1. Khalili, Joel (2021-07-31). "Cellebrite: The mysterious phone-cracking company that insists it has nothing to hide". TechRadar. Archived from the original on 2021-07-31. Retrieved 2021-09-07.
  2. "Cellebrite Now Says It Can Unlock Any iPhone for Cops". Wired. ISSN 1059-1028. Retrieved 2021-09-07.
  3. Swearingen, Jake (2019-02-28). "Cops' Favorite Phone Hacking Tool Is Being Sold on eBay". Intelligencer. Archived from the original on 2019-03-01. Retrieved 2021-09-07.
  4. Marlinspike, Moxie (April 21, 2021). "Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app's perspective". Signal Blog. Archived from the original on 2021-04-21. Retrieved 2021-04-22.
  5. Goodin, Dan (2021-04-21). "In epic hack, Signal developer turns the tables on forensics firm Cellebrite". Ars Technica. Archived from the original on 2021-04-21. Retrieved 2021-04-22.
  6. Kan, Michael (April 21, 2021). "iPhone Hacking Device From Cellebrite Is Rife With Exploitable Flaws, Says Signal". PCMag. Archived from the original on 2021-04-21. Retrieved 2021-04-22.
  7. "Encrypted chat app Signal alleges flaws in Cellebrite equipment". Reuters. 2021-04-21. Retrieved 2021-04-22.
  8. "Signal slams Cellebrite security company over alleged security holes". BBC News. 2021-04-22. Retrieved 2021-04-23.
  9. Ropek, Lucas (April 27, 2021). "Signal's Cellebrite Hack Is Already Causing Grief for the Law". Gizmodo. Archived from the original on April 28, 2021. Retrieved April 28, 2021.
  10. Yaron, Oded; Benjakob, Omer (April 25, 2021). "'Stop Using Cellebrite': Israeli, U.K. Police Urged to Stop Using Phone-hacking Tech". Haaretz. Archived from the original on April 28, 2021. Retrieved April 28, 2021.
  11. Lovejoy, Ben (April 27, 2021). "Cellebrite Physical Analyzer no longer fully available for iPhones following Signal blog post". 9to5mac. Archived from the original on April 28, 2021. Retrieved April 28, 2021.
  12. Franceschi-Bicchierai, Lorenzo; Cox, Joseph (April 27, 2021). "Cellebrite Pushes Update After Signal Owner Hacks Device". Motherboard. Archived from the original on April 28, 2021. Retrieved April 28, 2021.
  13. Latifi, Shahram, ed. (2018). Information Technology -- New Generations: 15th International Conference on Information Technology. Cham, Switzerland: Springer. p. 82. ISBN 978-3-319-77028-4. OCLC 1031400154.
  14. Bommisetty, Satish (2014). Practical mobile forensics: dive into mobile forensics on iOS, Android, Windows, and BlackBerry devices with this action-packed, practical guide. Rohit Tamma, Heather Mahalik. Birmingham, UK: Packt Pub. ISBN 978-1-78328-832-8. OCLC 888036062.