Documents show what forensics company extracts from unencrypted iPhones
Some extraction reports have appeared on the internet from Cellebrite, the company that analyzes the content of computers and smartphones, whether or not after their cracking. The reports show what the company can extract from an unencrypted iPhone 5.
ZDNet got its hands on the documents earlier this year after they were leaked through a law firm, which synced its backup systems insecurely over the Internet. The documents were part of a police report and contained the extraction reports prepared by Cellebrite. The data was obtained through Cellebrite’s UFED system at the police force, which was used to extract data from the memory of an iPhone 5 running iOS 8. The user had not locked his phone with a PIN, so the smartphone was not encrypted and the Israeli company was able to retrieve the contents in seconds.
The report starts with the details about personal data, the Apple ID used and IMEI number. UFED can be extended with plug-ins that retrieve different types of data and that can link the data to previous dumps, to build profiles. The tool can show the locations where photos were taken by the user on a map and can list the Wi-Fi networks that the smartphone has been connected to. In addition, all text messages are visible in chronological order, as well as all details about telephone calls and voicemails.
In addition, all data relating to contacts can be retrieved, such as names, telephone numbers and e-mail addresses. Details about apps are also available, such as the rights that the user has assigned to the apps. Information entered by the user in the Notes app is also visible. In addition to the data that was still on the iPhone 5, deleted data can also be retrieved.
Cellebrite claims that iPhones from version 4s that are protected with a passcode cannot be cracked and from the iPhone 5s, Apple uses the secure enclave with hardware security, which makes cracking even more difficult. According to 9to5mac, governments regularly use Cellebrite to extract data from systems. Apple also uses the forensics company’s own tools to transfer customer data in stores.
Extracting data from an unencrypted smartphone is simple and can be done in many ways, but the leaked documents provide insight into the nature and scope of a forensic company’s tool.