2014-09-30



Israeli company Cellebrite’s latest mobile UFED (‘Universal Forensic Extraction Device’) Touch Ultimate. Cellebrite (http://www.cellebrite.com) says their devices, which can override user lock codes and retrieve deleted data, are used and sold only to military, law enforcement, intelligence agencies and select corporations like Apple around the world.

Tech Talk by Chris Beavers



Somehow I managed to get right past the chaos and lines of customers waiting outside a St. Louis Apple Store. It was almost closing time. I just ignored the employees checking tickets and lining up customers wanting to buy a new phone. I told them I had an appointment. I lied. It was the launch of the new iPhone 6 and I was in the middle of it. I was going to drop off my iPhone 5, for which Apple had a replacement program going on because the power button was defective.

As I was standing at the Genius Bar counter waiting on Apple employees to check out my phone, employees were selling new iPhones as fast as they could ring them up. An employee pulled out a mobile Cellebrite UFED Touch Ultimate using the empty counter space next to me. They lovingly called it an “iPod hacker.” Being a geek and being a reporter knowing I was asked to write this piece, I watched as the employee set up the device used to check, repair, and fix cell phones by companies that do such work. They are the same device used by company employees in small cell provider stores all across America where you probably bought your phone or got service on it like Verizon, AT&T, T-Mobile, Best Buy, etc.

Not your standard UME

Except this was not the standard Cellebrite Universal Memory Exchanger (UME), a standalone phone-to-phone memory transfer and backup machine that transfers all forms of content, including pictures, videos, ringtones, SMS, and phone book contact data sold to such companies.

No. This was Cellebrite’s specialized ‘Universal Forensic Extraction Device’ (UFED) aimed at the digital forensics and investigation industry. Unlike its commercial counterpart, the UME, the UFED system is sold only to approved government and corporate organizations, like Apple. Also unlike the UME, the UFED extracts mobile device data directly onto an SD card or USB flash drives (although it does not store data within its own memory). Another major difference from the UME is found in the UFED’s ability to break codes, decipher encrypted information, recover deleted information and acquire hidden information even from password protected mobile applications such as Facebook, Skype, WhatsApp and browser-saved passwords. The UFED’s physical extraction functionality can also overcome devices’ password locks, as well as SIM pin numbers. The UFED has even appeared in two episodes of the TV series CSI: NY.

While there are several different products that can acquire data from cell phones, Cellebrite UFED units are often preferred by law enforcement agencies, as the units are self-contained and fairly simple to operate. Yes, that’s right. This is the same device some police usually carry with them and stealthily hook your cellphone up to in order to download or copy your phone while the other officer keeps you distracted.

You probably didn’t even know that happens, did you?

No…it’s not “gone” when deleted

You’re probably thinking to yourself, “My smartphone has a strong password on it. They can’t get into it. It’s encrypted even!”  Or “Well, even if they can they have to have a warrant. Right?” Or “I don’t care. I have nothing to hide.”

And you’d be severely mistaken.

That’s what these machines do. They bypass all security. They collect and recover data. Encryption is not an issue because this machine breaks into your phone, iPad, GPS navigator…just about any digital device you carry on you nowadays. It can recover those deleted and forgotten naughty bedroom photos you and the wife took when you were too drunk and decided better to delete them the next morning. Yeah, they’re still on your phone. Or those deleted texts from the one-night-stand that’s been stalking you and you’re worried the spouse might have found? Yeah, they’re still on your phone as well. Maybe the unapproved GPS route you took last week in the company car that you don’t want the boss to know about to go fishing…and you didn’t even USE the TomTom…Yeah, it’s on there too. That makes the whole idea of deleting things kinda useless, huh?

Allowing certain individuals into a locked device while the user assumes it’s fully secure is what’s known in the trade as a “back door.” Cellebrite works closely with manufacturers and law enforcement to make sure that they have those back doors and the means to get in. Cellebrite (http://www.cellebrite.com) says their devices, which can override user lock codes and retrieve deleted data, are used by military, law enforcement and intelligence agencies around the world. From legitimate uses like helping Apple employees get in to recover a forgotten password and back up your data, to helping the NSA or your local police department recover what may help an investigation, to more questionable uses like allowing the police to pry into your deepest, most intimate personal information during a roadside safety check without a warrant, everything in your phone is at risk.

Thank you, Edward

And while the Supreme Court finally upheld your rights to privacy requiring police to obtain a warrant before searching your phone this April only after Edward Snowden blew the whistle on how much the NSA was spying on everyone and everything (thank you Edward), the police were doing cell phone data extraction without a warrant routinely up until that time. Why did police not try to get a warrant before snooping through your family photos?

Following an arrest, officers are allowed to search people and any containers on or immediately around them in order to protect themselves from any hidden weapons and to preserve evidence that might otherwise be lost, like the suspect dropping a baggie of drugs on the ground and claiming it’s not his. But lower courts across the country couldn’t agree whether this kind of search reasonably extended to cellphones. Some said that mobile-phone searches required warrants, while others said they didn’t.

However, the Supreme Court found that a cellphone is entirely unlike a typical container—for instance, a cigarette pack. Sure, both might contain evidence, but that evidence is physical in one instance and digital in the other. And the digital evidence that cellphones hold is both vast and tremendously personal. Today’s smart phones hold anything from bank and medical records to intimate text messages to data that tracks the owner’s location, and that falls squarely within the Fourth Amendment’s privacy protections.

Get a warrant? No need for that

Okay, so they need a warrant now, right? Yes, but with today’s technology, it may take officers as little as 15 minutes to get a warrant that authorizes a search. On top of that, officers can dig into the phone when there’s an emergency. The “exigent circumstances” doctrine allows officers to act without warrants when the circumstances are severe.

For example, if the officers have reason to believe that they can do nothing to stop the loss of a phone’s data and must search it now or never, they likely can do so. They certainly can go into the phone if there’s a basis to suspect that it can help them avert a disaster involving a ticking bomb or missing child.

And who decides these “exigent circumstances”? You guessed it. They do! Whatever they say goes, much like when we try to get public information on a case, even a closed one like say the Molly Young case, and their trained and standard reply is “It’s an on-going investigation.”

Cloning SIM cards

A UFED kit can also clone, or copy, a SIM card. SIM cards are used by some cellular companies such as AT&T and T-Mobile, among others. On those networks, the SIM card is activated as opposed to the actual device, meaning you can take the SIM card out of your device and put it into another phone that accepts a SIM card, and instantly that new device becomes your cellphone with whatever phone number was assigned to your SIM card, all without any interaction from the cell service provider. This is exactly the same way cellular pirates clone a stolen SIM card or “steal” your phone by racking up charges on their clone of your SIM, or listen in to all the voice calls and texts that you are sending and receiving, with you not even knowing that the text you just sent to your sweetheart went not only to them, but also to another phone that could be halfway across the country.

In April 2011, the Michigan chapter of the American Civil Liberties Union questioned whether Michigan State Police (MSP) troopers were using Cellebrite UFEDs to conduct unlawful searches of citizens’ cell phones. Following its refusal to grant the ACLU’s 2008 Freedom of Information Act request unless the organization paid $544,000 to retrieve the reports, MSP issued a statement claiming that it honored the Fourth Amendment in searching mobile devices. When the ACLU inquired as to why that information would cost almost half a million dollars, MSP replied that this is what it would cost to hire a team of workers to go through, gather and prepare the sheer amount of data the MSP had already collected using the UFEDs.

Overly-broad warrants, aka Britain’s ‘general warrants’

What happens to all that data once the police have it? It is common practice to copy the contents of a device before searching it. But if the police don’t need a warrant to do that, then there is also no judicial check on what happens to that information, how it’s used, or who gets to see it.

The warrant requirement serves two purposes. It guards against highly invasive fishing expeditions resembling the British “general warrants” so hated by this nation’s Founding Fathers. These were warrants so broad in nature that they did not have specifics as to why they were issued or for what the arrest was being made. They were issued by those in power to have their enemies arrested when no wrongdoing had been done. The Founding Fathers ensured such broad warrants were made illegal with the Fourth Amendment to the U.S. Constitution. And the second purpose of a warrant is it would provide a way to limit the sensitive information that the government is allowed to keep and share about you. But what do we know about how that data is handled?

Since 1999, the FBI has partnered with local law enforcement agencies to establish a network of forensic computer labs in 19 states. Local police policies vary from place to place, but the FBI’s procedures for handling digital evidence provide a glimpse into how highly personal information can wind up on government databases for decades. All cell phone data seized by the FBI feeds into a centralized database set up for criminal and counterterrorism purposes. The FBI’s database is almost ten times the size of the Library of Congress’ database. This data is widely shared (about 12,000 government employees have access to it), and there are few limits on how long the data can be kept. This massive centralization of Americans’ data creates an enormous potential for abuse. Indeed, FBI agents were recently caught searching the Bureau’s databases for information about friends working as exotic dancers or celebrities they thought were “hot.”

Nothing to hide?

And that is just the highly-regarded FBI. What about the TSA agents caught trading naked body scanner photos from unsuspecting travelers? Local law enforcement has more of a tendency to violate and disregard privacy laws, as is evident from the many lawsuits they so often end up in.

Of concern is the problem of law enforcement having access without accountability. This clearly raises the question of whether or not anyone is overseeing law enforcement users of this personal data.

For those that “have nothing to hide,” consider this: With all the free information we willingly give websites and services, they in turn provide that information to almost anyone else with no concern for your privacy. Examples would include online dating sites, like OKCupid.com. How were profile questions on the site about things like drug use, religious beliefs and more transmitted to a data tracking company, along with the user’s IP address? Or, despite Google insisting on a warrant, with a court order that does not reach probable cause, Google will still give up your name, IP address, the dates and times you’re signing in and out, and with whom you’re exchanging emails. And Facebook… what does it matter to you what your pastor, or banker, or doctor knows that the whole world shouldn’t know? That’s what you seem to be implying, given that total strangers are standing around water coolers sharing your latest gossip.

I hope you get the picture.

That love/hate/fear thing…

As I left the Apple Store with a newly-repaired iPhone, I wasn’t as happy as I thought I would be.

I realized that this phone, which is no doubt a great technological tool and a marvel of engineering well worth the money, is also something that I, along with masses of others that camped out in line for days, all willingly PAID money for, to be spied on, tracked, and reported on by it.

I love my phone. I hate my phone. I fear my phone.



A Cellebrite UFED Touch Ultimate, lovingly called the “iPod hacker” by Apple employees, running forensics on an Android phone, just one of many mobile devices it can “hack.”
