Device to suck out phone data in under 2 minutes prevents military mission failure?

The high-tech UFED device that can suck data out of cell phones in one-and-a-half minutes has been a long-time favorite mobile forensic tool of police. Cellebrite made nearly $5 million from just U.S. government UFED orders last year. Not only have its forensic capabilities advanced, but so has the number of cell phones it supports. Recently the U.S. military called UFED tools "so important that going without them 'has the potential to cause loss of life and mission failure'."

Do you recall when the ACLU warned that State Police were violating Fourth Amendment rights when using high-tech mobile forensics to suck data out of cell phones in under two minutes? The Michigan State Police were none too happy and issued a reply about the extraction devices. The device itself was a Universal Forensic Extraction Device (UFED) made by Cellebrite; it extracts and decrypts even deleted data. We're talking about decryption performed on the fly on the tiny PC you carry around in your hand, your smartphone. In April 2011, the device in question could grab data in one-and-a-half minutes off more than 3,000 different cell phone models. In April 2012, the UFED could hoover data off more than 4,000 devices and now supports 7,734 mobile device profiles.

The ACLU announced that the government frequently violates the privacy of American citizens with warrantless cell phone tracking. A manual teaching police how to track mobile phones [PDF page 26] discussed a locked Android cell phone that would not download the contents into Cellebrite's UFED "because the cellular device is not USB-Debugging enabled." Google was ordered to reset the Gmail password and then provide the new password to the police. This made me curious to see if there had been any updates to Cellebrite products and, of course, there have been.

The SANS Computer Forensics blog noted a new Cellebrite UFED version was released. Perhaps one of the reasons this UFED is so popular with forensic investigators, police, and the military is because it can find data that you deleted from your phone, even if you performed a clean factory reset. The UFED Ultimate [PDF] can extract and decrypt hidden or deleted phone data and works on jailbroken and non-jailbroken mobile devices. For iPhone and Android it can extract and decrypt call logs, contacts, text messages, email accounts and passwords, Gmail, locations (Wi-Fi, Cell Tower and navigation applications), browser bookmarks, Skype (contacts, calls and chat), Google Talk, Facebook contacts, user dictionary and even deleted data such as GPS fixes. The company recently announced the UFED Ultimate provides the first-ever physical extraction and decoding for dozens of BlackBerry devices.

According to the Cellebrite release [PDF]:

  • It now supports file system extraction for 85 new Android devices, including the most popular version of Android, 2.3.x, file system extraction for an additional 38 new Android devices and "unlock pattern" decoding from an Android image file.
  • New iOS device support now includes the extraction of iMessages from iOS devices running iOS 5.x.
  • Physical extraction and decoding support was added for 10 new BlackBerry devices. This support package "can be stored on a USB flash drive in addition to an SD card."

There are more forensic capabilities coming soon, such as the "physical extraction and decoding, bypassing PIN/unlock pattern" for Samsung Galaxy S, SII, & Tab, for Motorola, and the ability to bypass user lock code, decode and extract data from Nokia BB5.

Bloomberg Government reported that Cellebrite made a whopping $4.94 million just from U.S. government orders last fiscal year. As of the end of 2011, the company announced, "Cellebrite has more than 12,000 deployed UFED Systems in use by military, law enforcement, governments and intelligence agencies in more than 60 countries worldwide."

Bloomberg Government also reported that the military uses UFED technology to "pull information from mobile devices brought across the border into the U.S., which does not require a warrant or consent." Additionally, "the Army's Rapid Equipping Force at Fort Belvoir in northern Virginia, ordered 26 Cellebrite units for $11,499 each that 'allow the capture of critical mission information from apprehended digital devices'." An Army document called the devices "so important that going without them 'has the potential to cause loss of life and mission failure'."

"It's not clear when information on a mobile phone is fair game for law enforcement," said EFF Senior Staff Attorney Lee Tien.

Considering the vast amount of data people routinely carry on their smart phones, it's "really quite ludicrous" to think that the authors of the Constitution would have permitted mobile device searches without warrants, Tien said. Yet such searches take place, he said. "It's a pretty significant privacy issue when you think of all the things that are on your phone."

There have been conflicting rulings as to whether or not the police can search smartphones without a warrant. Last year the EFF mentioned a previous court ruling in an amicus brief to the Oregon Supreme Court [PDF]:

The Court elaborated: A rule that gives police the power to conduct [a search incident to arrest] whenever an individual is caught committing a traffic offense, when there is no basis for believing that evidence of the offense might be found in the vehicle, creates a serious and reoccurring threat to the privacy of countless individuals. Indeed, the character of that threat implicates the central concern underlying the Fourth Amendment — the concern about giving police officers unbridled discretion to rummage at will among a person’s private effects.

For Americans with cell phones, the Fourth Amendment issue has not gotten better . . . but Cellebrite's UFED surely has.

Follow me on Twitter @PrivacyFanatic

Copyright © 2012 IDG Communications, Inc.
