Inside the Israeli Company That Can Crack the iPhone

The U.S. government suddenly doesn't need Apple's help unlocking the San Bernardino iPhone. The reason may be Israeli company Cellebrite, whose CEO spoke to Haaretz.

A worker climbs outside an Apple store in Hong Kong, China. The clash between the FBI and Apple has rekindled the public debate on the balance between privacy and protection.
Reuters

The clash between the FBI and Apple over the decryption of an iPhone belonging to one of the San Bernardino terrorists has rekindled the public debate on the balance between privacy and protection, and highlighted the usually covert race pitting cellphone makers building ever more complex safeguards into their products, against law enforcement agencies, which seek access to all the latest gadgets.

A low-profile but key player in this race is an Israeli company called Cellebrite, which over the last decade has captured a major slice of the mobile forensics market, providing police forces, government agencies and private companies across the world with hardware and software that enable investigators to extract information from most handheld devices, even if the data has been encrypted or deleted.

“These toys, these handsets, today are basically reflecting everything about the phone owner’s personality,” says Cellebrite CEO Yossi Carmil. “There is a lot of data inside which tells everything about a person.”

Access to such information can stop terror attacks and provide evidence against murderers, rapists and drug dealers – but it is also the stuff of dystopian nightmares for privacy advocates, civil rights activists and all those concerned that government and private entities may abuse these capabilities.

“Privacy and protection of private data is always an issue, but we are not dealing with that, we are delivering solutions,” Carmil told Haaretz in a rare interview last week. “We are not providing the service to the entities, we are selling to them and they are doing what they do according to their capabilities and legal limitations.”

One of the models in Cellebrite’s Universal Forensic Extraction Device product line.
Courtesy

Based in Petah Tikva, just outside Tel Aviv, Cellebrite was founded in 1999 and started out in the mobile services sector, offering products that transfer content from one phone to another, perform diagnostics and backups. That part of the business is still growing, but now makes up only about a third of Cellebrite’s sales, Carmil says. The lion’s share is taken up by the mobile forensics business, which the company moved into around 2007. That same year, Cellebrite was sold – reportedly for $17.5 million – to Sun Corporation, a Japanese IT giant quoted on the Tokyo Stock Exchange.

Today, Cellebrite has some 500 employees, three-quarters of whom work in Israel, and eight subsidiaries covering sales across the globe, including the United States, Europe and China.

While the company does not publish its financials, Carmil says revenues and profits have been growing at a rate of 30-35 percent a year. He estimates the global market for mobile forensics is worth around $250 million, with Cellebrite taking just under half of it.

Who buys from Cellebrite?

The company’s flagship product is a line of gadgets known as the Universal Forensic Extraction Device (or UFED), which comes in different models and sizes. Once connected to a phone, the system unlocks it and copies the data without altering or damaging the original, ensuring the information can be used as evidence in a trial, says Leeor Ben-Peretz, Cellebrite’s vice president for its mobile forensics division. The latest UFED incarnation also gives access to data that the phone’s user has stored in the cloud, Ben-Peretz said.

Cellebrite CEO Yossi Carmil.
Coutesy

Carmil said that of the 30,000 UFED units deployed around the world, more than 80 percent were sold to law enforcement agencies, with the rest going to other government agencies and large corporations, mainly banks and telecoms giants, which use the devices for internal investigations.

The company says on its website that it sells its products in more than 100 countries. This means that at least some of its devices are likely operated by police in countries that are not democracies (The Economist Intelligence Unit’s Democracy Index for 2015 counts just 20 “full democracies” and 59 “flawed democracies”).

Carmil said that in addition to countries that are under sanctions by Israel or the international community, Cellebrite has an “expanded list” of “dozens” of nations and entities to which it does not sell its products.

“We refuse sales if we cannot identify the customer, if we cannot have references about the customer, and there are several areas, segments and countries that we are not selling to,” he said.

He declined to provide specifics, but acknowledged that Cellebrite does business in Russia and China, where he said the company works closely with law enforcement and keeps tabs on the cases in which its equipment is used.

“Most of the use that is being done with our solutions is to catch criminals, for anti-terror activity, drug police, border police,” he said. “As far as we know, and we make the best effort to know, the main use of our products is moving in that direction.”

Concerns about the use of mobile forensic devices by law enforcement have also been raised in the West. In 2011, the American Civil Liberties Union claimed that police in Michigan may have used the UFED during routine police checks, violating laws prohibiting unreasonable searches. The police said in response that it only uses the device if a search warrant has been obtained or with the person’s consent.

From CSI to Italy

Cellebrite’s products have been widely credited around the world with speeding up investigations, solving crimes and securing convictions – and even appear regularly as props on crime dramas like CSI. A model of Cellbrite’s UFED appears in a scene of CSI:NY and was credited with solving the 2013 gang-related shooting death of a 12-year-old girl in Rhode Island.

In Israel, the device played a role in the investigation into the 2009 shooting at the Bar Noar gay youth club in Tel Aviv, in which two people were killed. Deleted Whatsapp messages pulled from the phone of a state’s witness showed he had fabricated evidence against the main suspect in the case, leading to the suspect’s release and the jailing of the witness(although the murder itself remains unsolved).

Last month, as Apple and the FBI locked horns over the San Bernardino iPhone, experts in a trial in Milan, Italy, revealed they had used Cellebrite’s technology to unlock and retrieve pictures and videos from an iPhone 5, in a case against a young man and woman accused of disfiguring the latter’s ex-boyfriends in a series of acid-throwing attacks.

Aside from a robust research department, Ben-Peretz attributes the company’s success to its original business in the mobile services sector, which gives Cellebrite good contacts with mobile phone operators and vendors and ensures it gets early access to new phone models and operating systems, allowing it to release updates for its software often months ahead of the competition. For example, Ben-Peretz claimed, the UFED is the only system that can currently unlock Samsung Galaxy S7, which was just released earlier this month.

“The entire story in our area is the handsets,” Carmil said. “Get hold of the handsets and be quicker than the others.”

Exponential complexity

Not all cellphones have been cracked, which may help explain why the FBI, even though it has acquired the UFED system, has not yet been able to unlock the San Bernardino phone.

According to Cellebrite’s website, the company can unlock iPhones running iOS 8. The device in the Italian case, according to the Milan court experts, ran this earlier version of Apple’s operating system, while the San Bernardino iPhone 5c has the more recent iOS 9, which has not been cracked yet.

While the Cellebrite executives would not comment on the San Bernardino case, they indicated they are confident that a completely hack-proof phone has not been invented yet and that they would eventually be able to unlock any existing system on their own.

“It’s an ongoing rabbit race,” said Ben-Peretz. “The level of complexity is exponential and it’s at a point that it’s getting difficult – but if anyone can do it, it’s us.”