The “arms race” of mobile forensics – ever-tougher encryption and the breakneck operations to crack it – has become more of a public tug-of-war than ever before.
Cellebrite, the largest player in the mobile-forensics industry, unveiled its UFED Premium last Friday. Along with the announcement came the bombshell: that it can now get into any Apple iOS device, and many of the high-end Android devices.
“An exclusive solution for law enforcement to unlock and extract data from all iOS and Android devices,” the company said in a tweet.
Those devices have historically been the toughest to crack – and Cellebrite’s newfound ability to perform a full-file system extraction on any iOS device in particular would allow law enforcement “to get much more data than what is possible through logical extractions and other conventional means.”
“Our certified forensic experts can also help you gain access to sensitive mobile evidence form several locked, encrypted or damaged iOS and Android devices using advanced in-lab only techniques,” the company added in its Friday announcement.
The latest tool works on Apple device running anything from iOS 7 to iOS 12.3, according to the company. Among the Android devices covered are the Samsung S6, S7, S8, and S9. Also supported are the most popular models of Motorola, Huawei, LG and Xiaomi.
The announcement follows the highly-publicized breakthrough of the GrayKey devices made by Grayshift more than a year ago. The GrayKey tool had exploited a low-power loophole in some iOS systems, one expert explained to Forensic Magazine. But Apple put in a fix to stop the access late last year, involving an iOS system to reconnect with a home device. Since then, GrayKey has made some inroads on some Apple devices – but not all of them, according to experts.
Christopher Dixon, a digital forensics manager at the New Jersey firm CohnReznick, told Forensic Magazinethat it appeared that Cellebrite, with its UFED Premium service, was making a push specifically toward law enforcement – and not private forensic experts.
“It really seems to be geared toward law enforcement,” said Dixon. “They’re always looking for ways to get a leg up on the competition – and this seems one way to do it.”
The Israeli-based Cellebrite was reportedly the agency which helped the FBI crack some Apple encryption in the very-public quest to access one of the phones of the husband-and-wife terrorists from the San Bernardino attack of December 2015.
In 2015, Cellebrite gave Forensic Magazine a demonstration of an earlier version of UFED in action. Basically, UFED platform pulls data from a smartphone, giving locations, times, uses and just about any other data. Some phones can be cracked with the most simple, “logical” extraction. For the toughest cases, it could extend to a “physical” extraction, by which the UFED images the memory of the device, and then essentially loads an application over the memory to “trick” it into yielding the valuable data. At that time, the analysis took anywhere from 20 minutes, up to several hours, depending on the device and the amount of information being analyzed.
But the technology has, and constantly continues to, advance, several experts said.