Cellebrite
Cellebrite is an Israeli Digital Intelligence company that manufactures data extraction, transfer and analysis devices for cellular phones and mobile devices. The company is a subsidiary of Japan's Sun Corporation.
Overview
Cellebrite is headquartered in Petah Tikva, Israel. Its two subsidiary companies, Cellebrite USA Corp. and Cellebrite GmbH are respectively based in Parsippany, New Jersey, US, and Munich, Germany. Cellebrite is a fully owned subsidiary of Sun Corporation, a publicly traded company listed on JASDAQ based in Nagoya, Japan.In 2017, Cellebrite's Mobile Lifecycle division was rebranded as Mobilogy.
Mobilogy produces hardware and software for phone-to-phone data transfer, backup, mobile applications electronic software distribution, and data analysis tools. Mobilogy products are used by various mobile operators, and are deployed in wireless retail points of sale. Mobilogy works with handset manufacturers to ensure compatibility before devices are released to the public.
Cellebrite's Mobile Forensics division was established in 2007 and produces software and hardware for mobile forensics purposes used by federal, state, and local law enforcement; intelligence agencies; military branches; corporate security and investigations; law firms; and private digital forensic examiners.
History
Cellebrite was established in Israel in 1999 by Avi Yablonka, Yaron Baratz, and Yuval Aflalo.Cellebrite's first manufactured hardware and software offered a compressive phone-to-phone data transfer devices and offered contact synchronization and content transfer tools for mobile phones, intended for use by wireless carrier sales and support staff in retail stores.
Initially, Cellebrite's commercial products were used as a tool for migration from IS-95 enabled mobile phones to the GSM standard. Later, Cellebrite Wireless Carriers & Retailers' Universal Memory Exchanger gained additional data extraction and transfer capabilities, as well as additional mobile phone diagnostics, backup, and application management and delivery.
In 2007, Cellebrite established an independent division targeted at the mobile forensics industry. Cellebrite's Mobile Forensics introduced mobile forensics products in 2007, under the family brand name 'Universal Forensic Extraction Device', with the ability to extract both physical and logical data from mobile devices such as cellular phones and other hand-held mobile devices, including the ability to recover deleted data and decipher encrypted and password protected information.
Also in 2007, Cellebrite was acquired by FutureDial Incorporated and one of its major shareholders, Sun Corporation in Japan. Today Sun Corporation is Cellebrite's largest shareholder. In 2019 Israeli Growth Partners invested $110 million in Cellebrite.
Law enforcement assistance
In April 2011, the Michigan chapter of the American Civil Liberties Union questioned whether Michigan State Police troopers were using Cellebrite UFEDs to conduct unlawful searches of citizens' cell phones. Following its refusal to grant the MCLU's 2008 Freedom of Information Act request unless the organization paid $544,000 to retrieve the reports, MSP issued a statement claiming that it honored the Fourth Amendment in searching mobile devices.In March 2016, it was reported that Cellebrite offered to unlock an iPhone involved in the FBI–Apple encryption dispute. Later, after the FBI announced it had successfully accessed the iPhone thanks to a third party, a press report claimed Cellebrite had assisted with unlocking the device, which an FBI source denied.
A 2017 data dump suggests Cellebrite sold its data extraction products to Turkey, the United Arab Emirates and Russia.
Products
Cellebrite wireless carriers and retailers
For the mobile retail industry, Cellebrite provides gadgets for phone-to-phone content management and transfer, used primarily as a stand-alone device at the point of sale, and electronic software distribution, content backup and management used primarily through over-the-air programming.The Cellebrite Universal Memory Exchanger is a standalone phone-to-phone memory transfer and backup machine. It transfers content including pictures, videos, ringtones, SMS, and phone book contact data. The Cellebrite UME Touch and its predecessor, the UME-36, can intermediate information between a range of mobile phones, smartphones and PDAs, and support all mobile operating systems, including Symbian, Windows Mobile, Palm, BlackBerry, iOS and Android.
Cellebrite's UME standalone device acts as a universal data channel between two mobile devices. It extracts, reads and parses data from a source mobile device and transfers it on-the-fly to a target device without storing any data on the UME device itself. The UME can automatically determine the types of phones which are connected to it and can re-structure the data on the fly according to the source and target phone's storage formats and data fields.
In addition to its Apploader and Device Analytics tools, in May 2012 Cellebrite introduced several new retail products and services, including a POS diagnostics tool, a cell phone buy-back program integration with its UME Touch, and a self-service point.
Mobile forensics products
In 2007, Cellebrite announced a line of products it called 'Universal Forensic Extraction Device', aimed at the digital forensics and investigation industry. The UFED system is a hand-held device with optional desktop software, data cables, adapters and other peripherals. The UFED additionally has an integrated Subscriber Identity Module reader.Unlike its commercial counterpart, the UME, the UFED system is sold only to approved government and corporate organizations. Also unlike the UME, the UFED extracts mobile device data directly onto an SD card or USB flash drive. Another major difference from the UME is the UFED's ability to break codes, decipher encrypted information, and acquire hidden and deleted data.
The UFED has been named "Phone Forensic Hardware Tool of the Year" for four years running in the Forensic 4cast Awards.
Cellebrite claims the UFED has the ability to extract data from nearly 8,200 devices as of June 2012. These include smartphones, PDA devices, cell phones, GPS devices and tablet computers. The UFED can extract, decrypt, parse and analyze phonebook contacts, all types of multimedia content, SMS and MMS messages, call logs, electronic serial numbers, International Mobile Equipment Identity and SIM location information from both non-volatile memory and volatile storage alike. The UFED supports all cellular protocols including CDMA, GSM, IDEN, and TDMA, and can also interface with different operating systems' file systems such as iOS, Android OS, BlackBerry, Symbian, Windows Mobile and Palm as well as legacy and feature cell phones' operating systems.
The UFED enables the retrieval of subject data via logical, file system, or physical extractions. Physical extraction enables it to recover deleted information, decipher encrypted data, and acquire information from password-protected mobile applications such as Facebook, Skype, WhatsApp and browser-saved passwords. The UFED's physical extraction functionality can also overcome devices' password locks, as well as SIM PIN numbers.
Forensic breakthroughs
Cellebrite claims to have been the first in the mobile forensics industry to have achieved a number of smartphone forensic breakthroughs. These include physical extraction and decoding of BlackBerry flash memory, Android user/pattern lock bypass for physical extraction and decoding, physical extraction from phones with Chinese chipsets, TomTom GPS trip-log decryption and decoding, iOS device unlocking, and other research and development.Forensic data integrity
Cellebrite claims to maintain the integrity of digital evidence:- All cable connectors from subject side act as a write blocker, being read-only via the onboard hardware chipset.
- Although a Faraday shielded bag, included in all ruggedized UFED kits, blocks external electromagnetic fields and wireless radio signals, the UFED has a SIM card cloning capability which also isolates the phone from the wireless network.
- Read-only boot loaders keep data from being altered or deleted during a physical extraction.
Black Bag Technologies Acquisition
Data breach
On 12 January 2017, it was reported that an unknown hacker had acquired 900 GB worth of confidential data from Cellebrite's external servers. The data dump includes alleged usernames and passwords for logging into Cellebrite databases connected to the company's my.cellebrite domain, and also contains what appear to be evidence files from seized mobile phones, and logs from Cellebrite devices.The data suggests Cellebrite sold its data extraction products to countries such as Turkey, the United Arab Emirates and Russia.