Cellebrite

From Wikipedia, the free encyclopedia
Jump to: navigation, search
Cellebrite Mobile Synchronization Ltd.
Private
Industry  • High tech
 • Telecommunication (Cellular Phones)
 • Data extraction
Founded 1999; 18 years ago (1999)
Petah Tikva, Israel
Founder Ron Serber
Yossi Carmil
Headquarters Petah Tikva, Israel
Number of locations
6 Main Offices (2017)
Area served
Worldwide
Key people
 • Ron Serber (Co-CEO)
 • Yossi Carmil (Co-CEO)
 • James Grady (CEO, Cellebrite USA)
 • Axel Kettenring (CEO, Cellebrite GmbH)
Products  • Universal Memory Exchanger based and manufactured on a windows computer (UME)
 • Universal Forensic Extraction Device (UFED)
Services  • Phone-to-phone content transfer and backup
 • Mobile device forensics
Number of employees
+400 (2017)
Parent Sunsoft
Divisions  • Cellebrite (Digital Intelligence)
 • Mobilogy (Commercial & Retailers, Mobile Life Cycle)
Website www.cellebrite.com
www.mobilogy.com

Cellebrite Mobile Synchronization is an Israeli company that manufactures data extraction, transfer and analysis devices for cellular phones and mobile devices. The company is a subsidiary of Japan's Sunsoft.

Overview[edit]

Cellebrite is headquartered in Petah Tikva, Israel. Its two subsidiary companies, Cellebrite USA Corp. and Cellebrite GmbH are respectively based in Parsippany, New Jersey, US, and Munich, Germany. Cellebrite is a fully owned subsidiary of Sunsoft, a publicly traded company listed on JASDAQ (6736/JQ) based in Nagoya, Japan.

In 2017, Cellebrite's Mobile Lifecycle division was rebranded as Mobilogy[1] , sharpening Cellebrite's position a Digital Intelligence solutions provider. Cellebrite services the Law Enforcement community with advanced tools and platforms in the digital domain, including Mobile Forensics, Triage and Analytics.

Mobilogy produces hardware and software for phone-to-phone data transfer, backup, mobile applications electronic software distribution, and data analysis tools. Mobilogy products are used by various mobile operators, and are deployed in wireless retail points of sale. Mobilogy works with handset manufacturers to ensure compatibility[clarification needed] before devices are released to the public.[2]

Cellebrite's Mobile Forensics division was established in 2007 and produces software and hardware for mobile forensics purposes used by federal, state, and local law enforcement; intelligence agencies; military branches; corporate security and investigations; law firms; and private digital forensic examiners.[2]

History[edit]

Cellebrite was established in Israel in 1999 by Yossi Carmil and Ron Serber.[citation needed] Cellebrite's first manufactured hardware and software offered a compressive phone-to-phone data transfer devices and offered contact synchronization and content transfer tools for mobile phones, intended for use by wireless carrier sales and support staff in retail stores.

Initially Cellebrite's commercial products were used as a tool for migration from IS-95 (CDMA) enabled mobile phones to the GSM standard. Later, Cellebrite Wireless Carriers & Retailers' Universal Memory Exchanger (UME) gained additional data extraction and transfer capabilities, as well as additional mobile phone diagnostics, backup, and application management and delivery.

In 2007 Cellebrite established an independent division targeted at the mobile forensics industry. Cellebrite's Mobile Forensics introduced mobile forensics products in 2007 under the family brand name 'Universal Forensic Extraction Device' (UFED), with the ability to extract both physical and logical data from mobile devices such as cellular phones and other hand-held mobile devices, including the ability to recover deleted data and decipher encrypted and password protected information.

Also in 2007, Cellebrite was acquired by FutureDial Incorporated and one of its major shareholders, Sun Corporation in Japan.[3] Today it is a fully owned subsidiary of Sun Corporation.

Law enforcement assistance[edit]

In April 2011, the Michigan chapter of the American Civil Liberties Union questioned whether Michigan State Police (MSP) troopers were using Cellebrite UFEDs to conduct unlawful searches of citizens' cell phones.[4] Following its refusal to grant the MCLU's 2008 Freedom of Information Act request unless the organization paid $544,000 to retrieve the reports, MSP issued a statement claiming that it honored the Fourth Amendment in searching mobile devices.[5]

In March 2016, it was reported that Cellebrite offered to unlock an iPhone involved in the FBI–Apple encryption dispute.[6] Later, after the FBI announced it had successfully accessed the iPhone thanks to a third party, a press report claimed Cellebrite had assisted with unlocking the device,[7] which an FBI source denied.[8]

A 2017 data dump suggests Cellebrite sold its data extraction products to Turkey, the United Arab Emirates and Russia.[9]

Products[edit]

Cellebrite wireless carriers and retailers[edit]

For the mobile retail industry, Cellebrite provides gadgets for phone-to-phone content management and transfer, used primarily as a stand-alone device at the point of sale, and electronic software distribution, content backup and management used primarily through over-the-air programming.

The Cellebrite Universal Memory Exchanger (UME) is a standalone phone-to-phone memory transfer and backup machine. It transfers content including pictures, videos, ringtones, SMS, and phone book contact data. The Cellebrite UME Touch and its predecessor, the UME-36, can intermediate information between a range of mobile phones, smartphones and PDAs, and support all mobile operating systems, including Symbian, Windows Mobile, Palm, BlackBerry, iOS and Android.[10]

Cellebrite's UME standalone device acts as a universal data channel between two mobile devices. It extracts, reads and parses data from a source mobile device and transfers it on-the-fly to a target device without storing any data on the UME device itself. The UME can automatically determine the types of phones which are connected to it, and can re-structure the data on the fly according to the source and target phone's storage formats and data fields.

In addition to its Apploader and Device Analytics tools, in May 2012 Cellebrite introduced several new retail products and services, including a POS diagnostics tool, a cell phone buy-back program integration with its UME Touch, and a self-service point.[11]

Mobile forensics products[edit]

In 2007, Cellebrite announced a line of products it called 'Universal Forensic Extraction Device' (UFED), aimed at the digital forensics and investigation industry. The UFED system is a hand-held device with optional desktop software, data cables, adapters and other peripherals. The UFED additionally has an integrated Subscriber Identity Module (SIM) reader.

Unlike its commercial counterpart, the UME, the UFED system is sold only to approved government and corporate organizations.[12] Also unlike the UME, the UFED extracts mobile device data directly onto an SD card or USB flash drive. Another major difference from the UME is the UFED's ability to break codes, decipher encrypted information, and acquire hidden and deleted data.

The UFED has been named "Phone Forensic Hardware Tool of the Year" for four years running in the Forensic 4cast Awards.[13]

Cellebrite claims the UFED has the ability to extract data from nearly 8200 devices as of June 2012.[14] These include smartphones, PDA devices, cell phones, GPS devices and tablet computers. The UFED can extract, decrypt, parse and analyze phonebook contacts, all types of multimedia content, SMS and MMS messages, call logs, electronic serial numbers (ESN), International Mobile Equipment Identity (IMEI) and SIM location information from both non-volatile memory and volatile storage alike.[15] The UFED supports all cellular protocols including CDMA, GSM, IDEN, and TDMA, and can also interface with different operating systems' file systems such as iOS, Android OS, BlackBerry, Symbian, Windows Mobile and Palm as well as legacy and feature cell phones' operating systems.

The UFED enables the retrieval of subject data via logical ("what you see is what you get"), file system (e.g., directories and files), or physical extractions (i.e.: hex dump, a bit-for-bit copy of a mobile device's entire storage). Physical extraction enables it to recover deleted information, decipher encrypted data, and acquire information from password-protected mobile applications such as Facebook, Skype, WhatsApp and browser-saved passwords. The UFED's physical extraction functionality can also overcome devices' password locks, as well as SIM PIN numbers.

Forensic breakthroughs[edit]

Cellebrite claims to have been the first in the mobile forensics industry to have achieved a number of smartphone forensic breakthroughs. These include physical extraction and decoding of BlackBerry flash memory (going beyond mass storage or IPD backups), Android user/pattern lock bypass for physical extraction and decoding, physical extraction from phones with Chinese chipsets (including MediaTek and Spreadtrum), TomTom GPS trip-log decryption and decoding, iOS device unlocking, and other research and development.

Forensic data integrity[edit]

Cellebrite claims to maintain the integrity of digital evidence:

  • All cable connectors from subject (source) side act as a write blocker, being read-only via the on-board hardware chip set.
  • Although a Faraday shielded bag, included in all ruggedized UFED kits, blocks external electromagnetic fields and wireless radio signals, the UFED has a SIM card cloning capability which also isolates the phone from the wireless network.
  • Read-only boot loaders keep data from being altered or deleted during a physical extraction.

Data breach[edit]

On 12 January 2017 it was reported that an unknown hacker had acquired 900 GB worth of confidential data from Cellebrite's external servers. The data dump includes alleged usernames and passwords for logging into Cellebrite databases connected to the company's my.cellebrite domain, and also contains what appear to be evidence files from seized mobile phones, and logs from Cellebrite devices.[16]

The data suggests Cellebrite sold its data extraction products to countries such as Turkey, the United Arab Emirates and Russia.[9]

References[edit]

  1. ^ "Mobilogy Rebrand Press Release" (PDF). 
  2. ^ a b "Cellebrite Customers". Retrieved April 9, 2017. 
  3. ^ "FutureDial and Sun Corporation Acquire Cellebrite". ThomasNet. Retrieved July 19, 2012. 
  4. ^ Sullivan, Bob. "Gadget gives cops quick access to cell phone data". MSNBC. Archived from the original on April 23, 2011. Retrieved April 21, 2011. 
  5. ^ Heussner, Ki Mae. "Michigan Police Use Device to Download Cellphone Data; ACLU Objects". ABC News. Retrieved June 8, 2012. 
  6. ^ "San Bernardino shooting:Israeli company is helping the FBI, reports say". The Press-Enterprise. March 23, 2016. Retrieved March 23, 2016. 
  7. ^ Benmeleh, Yaacov. "FBI Worked With Israel's Cellebrite to Crack iPhone". Bloomberg News. Retrieved 2016-04-01. 
  8. ^ "FBI's Comey, officials discount two iPhone hack theories". USA TODAY. Retrieved 2016-04-01. 
  9. ^ a b Cox, Joseph (2017-01-12). "Cellebrite Sold Phone Hacking Tech to Repressive Regimes, Data Suggests". Motherboard. Retrieved 2017-07-03. 
  10. ^ "Data Transfer, Backup and Restore". Cellebrite. Archived from the original on June 8, 2012. Retrieved July 19, 2012. 
  11. ^ "Cellebrite Empowers Retailers With New Point-of-Sale Tools at CTIA 2012". MarketWatch. Retrieved June 15, 2012. 
  12. ^ Osborne, Charlie. "For investigators, a better way to extract data from mobile devices". SmartPlanet.com. Retrieved July 19, 2012. 
  13. ^ Whitfield, Lee. "Forensic 4cast Awards 2012 – Results". Retrieved July 19, 2012. 
  14. ^ "UFED 1.2.0.0 Release Notes" (PDF). Cellebrite. Archived from the original (PDF) on September 13, 2012. Retrieved July 19, 2012. 
  15. ^ Hoog, Andrew. "Chapter 3. Cellebrite UFED". viaForensics. Archived from the original on June 20, 2013. Retrieved June 8, 2012. 
  16. ^ "Hacker Steals 900 GB of Cellebrite Data". Motherboard. 

External links[edit]