In June 2019, Cellbrite announced its new UFED Premium service which allowed law enforcement agencies to unlock any iPhone or iPad running iOS 12.3 in-house and go through all data stored on it. However, leaked documents accessed by OneZero reveals that Cellbrite had been selling this service to law enforcement agencies for over a year.
The leaked documents show that the Manhattan District Attorney’s office has been a subscriber of Cellbrite’s UFED Premium service since January 2018. The office has agreed to pay Cellbrite almost $200,000 over a period of three years for this service. There are also add-ons worth $1 million mentioned in the contract, but it is unclear if the DA’s office has purchased any of them or not.
Previously, while Cellbrite offered iPhone unlocking services, it required government agencies to submit the phones at one of its labs in New Jersy and Virginia.
The Manhattan DA has not publicly revealed its new UFED Premium phone-cracking capabilities. Legal Aid Society attorney Jerome Greco — who runs the public defender practice’s digital forensics unit — says that in 2018 he received information that led him to believe that the phone of one of his clients, who was facing felony drug charges, had been accessed.
Based on the language in the warrant, Greco suspected that prosecutors had used Cellebrite to crack his client’s iPhone 6s Plus. At that time, it was assumed that if law enforcement wanted to unlock that phone model, they had to turn it over to Cellebrite so they could unlock it at one of their forensic facilities. Since the closest facility was in Parsippany, New Jersey, Greco thought this search warrant might have been unlawfully executed because, Greco says, “a New York judge can’t let that happen without another state signing off.”
In the spring of 2018, the Manhattan DA’s office filed a response in which the prosecutors informed the court that the phone in this case was “searched in New York as well.”
By offering in-house unlocking services for iPhones and high-end Android devices though, Cellbrite is removing a lot of legal hurdles from law enforcement agencies.
While Apple steps up the security of its devices with every new iOS release, it is clear companies like Cellbrite and GrayShift are able to find a way to get past its security mechanism.[Via OneZero]