Get The Start-Up Israel's Daily Start-Up by email and never miss our top stories Free Sign Up
The product enables a full file system extraction, allowing, in effect, a copy of the phone’s data to be transferred to a client’s computer. It lets law enforcement agencies obtain “access to 3rd party app data, chat conversations, downloaded emails and email attachments, deleted content and more,” the company boasts. “Increase your chances of finding the incriminating evidence and bringing your case to a resolution,” it says in its sales pitch.
It also highlights its ability to recover “unallocated data,” or the sometimes still-recoverable remnants of deleted files.Cellebrite’s technology does not work remotely. It requires a specially designed device to be physically connected to the phone being hacked. Cellebrite has faced widespread criticism for its refusal to reveal its methods to Apple so the tech giant’s security technicians can seal up the vulnerabilities.
The company has long argued that its help to law enforcement agencies brings greater benefit to the public.
“There’s a public safety imperative here. These capabilities are germane again to homicide, crimes against children, drug gangs, major public safety threats in any community,” the company’s chief marketing officer, Jeremy Nazarian, told Forbes in a March 2018 interview. “We feel an obligation to those serving the public safety mission to ensure those capabilities are preserved, to the extent that they can be.” The company has also insisted that it requires potential clients to demonstrate they have the authority to access an iPhone or Android device before making their product available. It has also said the technology’s dependence on physically interfacing with the phones means it is unlikely to be misused.
But critics have noted that Cellebrite has had difficulty ensuring kits it has sent to clients remain with the clients. In February, Cellebrite phone-hacking kits were found on sale on eBay, while some clients have not returned the kits to Cellebrite after use, as the company requests.
What's not obvious is that trust relies on social signaling, so even though Susan Fowler, who became the voice of Uber's workers speaking up against hostile working conditions, is a white woman, her unjust treatment provided a valuable and credible way of judging the trustworthiness of the organization even for people who were seeking a different core promise from the company.
There are also fears a Cellebrite kit could be reverse engineered to uncover vulnerabilities that the company continues to keep hidden from the cellphone makers.Apple has long refused US law enforcement agencies’ requests to create backdoors to its operating system that would allow entry into customers’ phones, and works hard to patch vulnerabilities discovered by companies like Cellebrite that specialize in forensic hacking. The iPhone maker has argued that no backdoor or vulnerability is ever truly safe in the hands of law enforcement, as it could leak or be discovered independently.