Forensic Extraction

“Cellebrite,” “UFED”

Universal Forensic Extraction Devices are small, portable computers that extract the entire contents of a cellphone. Bypassing passwords and other security features, they download personal information in seconds.

What is it used for?

UFEDs allow the government to access the vast troves of data contained in cell phones. These devices connect to your phone and download all of its contents – from your contacts list to your location data – within seconds. Their software breaks or bypasses passwords, “unlock” codes, and other security features.

CIVIL LIBERTIES CONCERNS

Over 90 percent of American adults carry cellphones, and today’s powerful phones contain increasingly detailed information about our lives, relationships, and daily habits. Without careful protections for privacy, UFEDs can enable the government to learn about this sensitive information.

How it Works

Universal forensic extraction devices were developed for use by police, military, and intelligence agencies in the early 2000s as mobile phone use became more prevalent.

  • When the police connect a UFED to your cellphone, they can download its contents directly onto the device. From the display screen, the officer may extract your contacts list, call history, text messages, social networking files, downloads, browser history, pictures and video, and even your ringtones. This data is not limited to your communications and web browsing. The leading GPS-enabled iOS and Android devices keep detailed location files. Police can use this data to build an extremely exhaustive history of your movements.
  • Sometimes, police don’t even have to physically connect a UFED to your phone. Devices sold by CelleBrite, the most popular UFED manufacturer, come with a set of cables that can link to virtually every type of consumer cell phone. However, they can also wirelessly search phones that have Bluetooth enabled. The CelleBrite device lists all Bluetooth-enabled devices in its vicinity and connects to the phone of the officer’s choice. This allows the officer to download your data secretly.
  • Standard cell phone security features are potentially ineffective. CelleBrite’s marketing materials boast that its devices can penetrate user and pattern locks on over 200 devices. Users of Android, iOS, Windows and other phones, depending upon their version of the operating system, are potentially at risk. Extraction system vendors look for flaws in the security of each version of a cell phone’s operating system.  When they find one, they use it to enable their systems to break into phones running that version of the software.  This is another reason why keeping your phone’s operating system updated to the latest version is important.

    The danger is not only the software on your phone, but also backups made of your phone to your computer using your phone's sync functionality. If law enforcement gains access to the sync backup files on your computer, the UFED can potentially read those sync files to gain access to information about your phone, how it has been used, and the files present on it. In some cases, the sync files can even enable the UFED to discover or alter your phone's passcode. If the UFED is able to learn or modify your phone's passcode, the analyst can then disable the security and gain access to the data on the phone.

  • One of the CelleBrite UFED’s most powerful features is the ability to “clone” your phone’s SIM card. Your cellphone has a unique identity that allows the global wireless network to route your communications directly to you. CelleBrite’s device, however, allows police to clone that identity. A cloned phone allows officers to intercept your communications and send messages while pretending to be you. If the same cell tower serves both phones, an officer could even listen in on your calls.

How prevalent is it?

With an estimated purchase cost of around $2,500-$4,000, Cellebrite UFEDs provide law enforcement with a powerful, easy-to-use tool at a relatively low price.  Local law enforcement agencies’ access to federal grants has significantly increased the availability of these devices. With this support, even departments serving small communities can acquire them. Public records released to the ACLU of Washington have revealed that the Seattle Police Department, Spokane Police Department, Spokane County Sheriff’s Office, and Washington State Patrol have acquired CelleBrite UFEDs.

Examples of Use

  • Location: Atlanta, GA
    Federal Court Rules UFED Search Illegal

    In June 2012, agents from the Bureau of Alcohol, Tobacco, and Firearms served an arrest warrant on a man suspected of conspiring to rob a drug dealer. The agents arrested the suspect as he left a building, taking his cellphone out of his hand as they handcuffed him. When the investigators got back to their offices, they used a CelleBrite to extract data from the phone’s SD storage card. Believing it was a legal “search incident to arrest,” they limited the download to the amount of time it would take to book the suspect. Courts have recognized that officers may conduct a warrantless search of suspects and their immediate possessions to look for weapons and prevent the destruction of evidence. However, in this case, neither of those risks justified the cell phone search. The data, of course, posed no threat to the safety of the officers. Moreover, the ATF agents admitted that they could prevent a remote “data wipe” of the phone simply by turning it off and removing the battery. The federal district court recognized that cell phones contain “a wealth of information” that we have a legitimate interest in protecting. In 2014, the Supreme Court upheld that finding. In Riley v. California, the justices unanimously sent a message to police who want to search a cellphone:  “Get a warrant.”

Recommendations

When government agencies consider acquiring and using surveillance systems, communities and their elected officials must both weigh the benefits against the costs to civil liberties and carefully craft policies and procedures that help to limit the negative effects that surveillance will have on fundamental rights.  For a useful list of considerations, please visit the recommendations page.