Cellebrite was in the headlines earlier this year when it was rumoured to have helped the FBI to crack an iPhone used by the San Bernardino shooter.
Now the company has told the BBC that it can get through the defences of just about any modern smartphone. But the firm refuses to say whether it supplies its technology to the police forces of repressive regimes.
Last week Cellebrite was showing off its technology to British customers. I was invited to a hotel in the Midlands, where police officers from across the UK had come to see equipment and software that first extracts data from suspects’ phones, then analyses how they interact with others.
I was given a demo using a Samsung phone supplied by the company. It was running quite an old version of Android – 4.2 – but I was allowed to take it away for half an hour, put a password on it, and use it to take photos and send a text message.
When we returned, Yuval Ben-Moshe from Cellebrite took the phone and simply plugged it in via the charging socket to what looked like a chunky tablet computer. He explained that this was the kind of mobile unit the firm supplied to police forces for data extraction in the field.
He pressed a couple of buttons on the screen and then announced that the phone’s lock code had been disabled.
“We can pretty much pull up any of the data that resides on the phone,” he said.
He then downloaded the photos I’d taken and the message I’d sent on to a USB stick – the evidence of my activities could now be in the hands of the police.
It was impressive, not to say slightly concerning, that the security on the phone had been so easily bypassed – although this was not a particularly advanced phone, nor had I used services such as WhatsApp, which provide added levels of security.
But Mr Ben-Moshe claimed that his firm could access data on “the largest number of devices that are out there in the industry”.
Even Apple’s new iPhone 7?
“We can definitely extract data from an iPhone 7 as well – the question is what data.”
He said that Cellebrite had the biggest research and development team in the sector, constantly working to catch up with the new technology.
He was cagey about how much data could be extracted from services such as WhatsApp – “It’s not a black/white yes/no answer” – but indicated that criminals might be fooling themselves if they thought any form of mobile communication was totally secure.
Back in the spring, there were reports that Cellebrite had helped the FBI get into the iPhone 5C left behind by the San Bernardino shooter Syed Rizwan Farook.
Unsurprisingly, Mr Ben-Moshe had nothing to say on this matter: “We cannot comment on any of our customers.”
And on the matter of how fussy Cellebrite was about the customers for equipment that is used by law enforcement agencies around the world, he was also tight-lipped.
When I asked whether the company worked with oppressive governments he said: “I don’t know the answer to that and I’m in no position to comment on that.” And when I pressed him, he would say only that Cellebrite operated under international law and under the law of every jurisdiction where it worked.
Mobile phone companies are making great advances in providing secure devices – and law enforcement agencies in the UK and the US are complaining that this is helping criminals and terrorists evade detection.
But last month another Israeli firm NSO Group, which also works for law enforcement and intelligence agencies, was reported to be behind a hack that allowed any iPhone to be easily “jailbroken” and have malware installed.
It seems the technology battle between the phone makers and those trying to penetrate their devices – for good reasons or bad – is a more even fight than we may have imagined.
Source: BBC