How Law Enforcement Gets Around Encryption: A Look at Smartphone Data Extraction

When law enforcement needs to access data from a suspect’s smartphone, they often face a roadblock in the form of passcodes and biometric identification. To get around this, law enforcement in many countries turns to specialized tools produced by private intelligence companies such as Cellebrite and Grayshift. These tools can extract data from smartphones, but they do not break encryption; instead, they find ways around it.

Cellebrite, one of the most prominent companies in digital forensics, offers a variety of services through its website, including the “Cellebrite UFED” (Universal Forensic Extraction Device). This device comes in different sizes and variations and can in theory bypass patterns and passwords on some iPhone models to extract data from the phone and SIM card. However, how vulnerable an iPhone is depends on its model, its iOS version, and the encryption state it is currently in.

Forensic companies distinguish between two states: Before First Unlock (BFU) and After First Unlock (AFU). While a modern iPhone is turned off, or has been powered on but not yet unlocked, its data is very well encrypted. Once it is turned on and the passcode is entered, it enters the AFU state and becomes more vulnerable. Devices like Cellebrite’s UFED usually find ways around encryption rather than breaking it. They do this by exploiting security flaws, including zero-day vulnerabilities, meaning security weaknesses in a target device that are not publicly known.

Apart from providing tools to break into a smartphone, Cellebrite also offers software to easily browse the extracted data. Law enforcement can browse installed apps and their data, browser and location history, social media, and many other kinds of data. Similar tools exist for cloud-based evidence, but access is only possible if login credentials, or tokens and session cookies extracted from a device, have already been obtained.

Cellebrite has more than 7000 customers in 150 countries. While they primarily sell to law enforcement, their extraction devices can increasingly be found at airports and even schools. Some school districts in the United States reserve the right to search students’ phones using this forensic technology. With the increasing availability of extraction devices, the number of unjust searches of smartphones is likely to rise.

Average users might wonder how they can better protect their personal phone data against brute-force attacks. One simple solution is to use a longer device passcode that includes both letters and numbers. On many iPhones, pressing the side button five times also disables every unlock method other than the passcode. By taking these steps, anyone can increase their device security immediately.

As the debate around encryption and device protection continues, it is important to consider who should have access to this technological power. Share your opinion on this issue and take steps to protect your personal data.