The Cellebrite Universal Forensic Extraction Device (UFED) is a smartphone hacking tool commonly used by the FBI, Department of Homeland Security and other law enforcement agencies in the US and elsewhere. It’s the most powerful tool yet created by the Israeli company, able to extract a huge amount of data – even data which has been deleted from phones.
A brand new one normally costs $5,000 to $15,000 depending on the model, but older models can be found on eBay for as little as $100 …
Forbes says that some of these devices appear to have been sold by police, and in some cases still contain data extracted from phones involved in criminal investigations.
The U.S. federal government, from the FBI to Immigration and Customs Enforcement, has been handing millions to Cellebrite to break into Apple and Google smartphones. Mr. Balaj (Forbes agreed not to publish his first name at his request) and others on eBay are now acquiring and trading Cellebrite systems for between $100 and $1,000 a unit […]
Cybersecurity researchers are now warning that valuable case data […] could have leaked as a result. Matthew Hickey, a cybersecurity researcher and cofounder of training academy Hacker House, bought a dozen UFED devices and probed them for data. He discovered that the secondhand kit contained information on what devices were searched, when they were searched and what kinds of data were removed. Mobile identifier numbers like the IMEI code were also retrievable.
Hickey believes he could have extracted more personal information, such as contact lists or chats, though he decided not to delve into such data. “I would feel a little awful if there was a picture of a crime scene or something,” he said.
Hickey was able to extract data from older iPhones using the device. It’s likely that the device was sold because it is now outdated and unable to access devices running current or recent versions of iOS. However, as of March of last year, the latest Cellebrite UFED was able to access even a locked iPhone X running iOS 11.