Английская Википедия:Cellebrite UFED

Материал из Онлайн справочника
Перейти к навигацииПерейти к поиску

Шаблон:Short description Шаблон:Infobox information appliance

The UFED (Universal Forensics Extraction Device) is a product series of the Israeli company Cellebrite, which is used for the extraction and analysis of data from mobile devices by law enforcement agencies.[1]

Products

Cellebrite sells various products in the UFED series:[2]

  • UFED Physical Analyzer
  • UFED Logical Analyzer
  • UFED Phone Detective
  • UFED Cloud Analyzer

Features

On the UFED Touch, it is possible to select extraction of data and choose from a wide list of vendors. After the data extraction is done, it is possible to analyze the data in the Physical Analyzer application.[3]

The Cellebrite UFED Physical Analyzer supports the following features:[3]

  • Extract device keys which can be used to decrypt raw disk images, as well as keychain items.
  • Revealing device passwords, although this is not available for all locked devices
  • Passcode recovery attacks
  • Analysis and decoding of application data
  • Generating reports in various formats such as PDF and HTML
  • Dump the raw filesystem for analyzing it in other applications

History

In 2019, Cellebrite announced a new version of the UFED, called the UFED Premium. The company claimed that it can unlock iOS devices including those running iOS 12.3 and Android phones such as the Galaxy S9.[4]

Resale

Cellebrite does not allow the resale of their products. The original list price of the product is around US$6000, but they have been sold on eBay for around US$100. Some devices that were resold still contained data about criminal investigations.[5]

Security

In 2021, Moxie Marlinspike, creator of the encrypted messaging app Signal, released a blog post on the app's website detailing a number of vulnerabilities in Cellebrite's UFED and Physical Analyzer software that allowed for arbitrary code execution on Windows computers running the software. One exploit he detailed involved the UFED scanning a specially formatted file which could then be used to execute arbitrary code on the computer running the UFED. Marlinspike wrote that the code could then "[modify] not just the Cellebrite report being created in that scan, but also all previous and future generated Cellebrite reports from all previously scanned devices and all future scanned devices in any arbitrary way".[6] Marlinspike also found that Cellebrite software was bundled with out-of-date FFmpeg DLL files from 2012, which lacked over 100 subsequent security updates. Windows Installer packages, extracted from the Windows installer for iTunes and signed by Apple, were also found, which he said raised legal concerns.[7] Cellebrite issued a statement in response, saying the company "is committed to protecting the integrity of our customers’ data, and we continually audit and update our software in order to equip our customers with the best digital intelligence solutions available."[8] The report by Signal followed an announcement by Cellebrite in 2020 that it had developed technology to crack encrypted messages in the Signal app, a claim the company later retracted and downplayed.[9][10]

The announcement by Marlinspike raised questions about the integrity of data extracted by the software,[11][12] and prompted Cellebrite to patch some of the vulnerabilities found by Signal and to remove full support for analyzing iPhones.[13][14]

See also

References

Шаблон:Reflist

External links

Партнерские ресурсы
Криптовалюты
Магазины
Хостинг
Разное

  1. Шаблон:Cite web
  2. Шаблон:Cite book
  3. 3,0 3,1 Шаблон:Cite book
  4. Шаблон:Cite magazine
  5. Шаблон:Cite web
  6. Шаблон:Cite web
  7. Шаблон:Cite web
  8. Шаблон:Cite web
  9. Шаблон:Cite web
  10. Шаблон:Cite news
  11. Шаблон:Cite web
  12. Шаблон:Cite news
  13. Шаблон:Cite web
  14. Шаблон:Cite web
Источник — http://wikihandbk.com/ruwiki/index.php?title=Английская_Википедия:Cellebrite_UFED&oldid=13824670