<p><img src="https://static4.businessinsider.com/image/60c0c8586b60c70019c29d1f-2400/cellebrite.jpg" border="0" alt="cellebrite" data-mce-source="JACK GUEZ/AFP via Getty Images" data-mce-caption="In the foreground Cellebrite's tech is hooked up to an iPhone, ready to extract data from it."></p><p></p><bi-shortcode id="summary-shortcode" data-type="summary-shortcode" class="mceNonEditable" contenteditable="false">Summary List Placement</bi-shortcode><p>For most of the 22 years since its founding, the digital forensics firm Cellebrite has kept a low profile. But now, the phone-cracking firm is stepping out of the shadows <a href="https://www.reuters.com/article/us-cellebrite-m-a-twc-tech-hldg-ii/cellebrite-to-go-public-via-2-4-billion-spac-deal-idUSKBN2BV1OX">as it prepares to go public</a>.</p><p>The Israel-based company made a name for itself with software that lets its customersmostly police departmentsbreak into locked smartphones to carry out investigations. The firm's technology was <a href="https://www.newsweek.com/encryption-apple-cellebrite-fbi-unlock-san-bernardino-iphone-440276">reportedly used by the FBI to unlock the San Bernadino shooter's iPhone</a>, even after Apple said it couldn't help the agency break in. But the company has kept details of its business and technology <a href="https://theintercept.com/2016/10/31/fbis-go-hackers/">under wraps</a> until now.</p><p>In an interview with Insider this week, Cellebrite CEO Yossi Carmil and other execs opened up about the firm's phone-cracking technology and its digital arms race against vendors like Apple and Samsung. Carmil also described Cellebrite's recent expansion into private enterprise customers, and hit back at vocal critics of the company like the <a href="https://www.businessinsider.com/signal-ceo-hacks-cellebrite-hacking-device-2021-4">founder of encrypted messaging app Signal, Moxie Marlinspike,</a> a privacy advocate who <a href="https://signal.org/blog/cellebrite-vulnerabilities/">called Cellebrite's technology "larcenous."</a></p><p>Carmil, meanwhile, dismissed Marlinspike as "one of the anti-forensics, which are as old as the forensics industry."</p><p>Cellebrite's <a href="https://www.cellebrite.com/en/about/">stated mission</a> is is to "protect and save lives, accelerate justice, and ensure data privacy," but it's faced criticism from privacy hardliners and criminal justice advocates, who <a href="http://cyberlaw.stanford.edu/blog/2021/05/i-have-lot-say-about-signal%E2%80%99s-cellebrite-hack">argue</a> it's unfair to the subjects of investigations that their data can be seized by law enforcement using technology that's largely opaque. Critics have also slammed the company for licensing technology to authoritarian governments, a practice Cellebrite has recently <a href="https://www.cellebrite.com/en/cellebrite-stops-selling-its-digital-intelligence-offerings-in-russian-federation-and-belarus/">taken steps to curtail</a>. </p><p>Despite the criticism, Cellebrite is confident that its business will grow steadily in the years to come. The firm <a href="https://www.prnewswire.com/il/news-releases/cellebrite-announces-first-quarter-2021-results-885499015.html">announced</a> this week that it has achieved annual recurring revenue of $150 million, up 53% from the year prior. Its clients include police departments in all 50 US states, national law enforcement agencies in 25 of the 27 European Union nations, and 8 out of the 10 largest US banks. Now, it has big plans to expand into the private sector as it prepares to go public through a merger with a <a href="https://www.businessinsider.com/spac-blank-check-companies-explained-2020-5">special purpose acquisition company (SPAC)</a> by the end of 2021, in a deal valued at $2.4 billion.</p><p>"The company is executing a strategy with a goal to become a one-stop-shop vendor in the digital intelligence space," Carmil said. "I think we are not even scratching the surface of what the company can be."</p><p>The firm has expanded its services in recent years: It recently launched a data analytics tool to supplement its encryption-breaking technology, and now offers a single software platform meant to be used by investigators, analysts, and prosecutors alike.</p><h2>Carmil says "there is a race" to beat Apple from patching iPhone vulnerabilities that Cellebrite exploits</h2><p>Cellebrite licenses a suite of products that collect and manage data from digital sources, but its most well-known offering is a physical analyzer that promises customers the ability to extract data from locked smartphones. The physical analyzer does not intercept data remotely; rather, it connects to a phone physically to break in and extract information.</p><p>That puts Cellebrite's business at odds with vendors like Apple and Samsung, which promise users privacy. Apple has <a href="https://www.npr.org/2020/01/14/796160524/apple-declines-doj-request-to-unlock-pensacola-gunmans-phones#:~:text=Apple%20Declines%20DOJ%20Request%20To%20Unlock%20Pensacola%20Gunman's%20Phones,-Listen%C2%B7%203%3A33&text=Transcript-,Apple%20rejected%20a%20Justice%20Department%20request%20to%20unlock%20two%20phones,government%20and%20Apple%20over%20privacy.">previously told the US Department of Justice</a> that even Apple engineers can't open a locked iPhone without knowing the passcode. </p><p>According to Carmil, Apple has been trying to patch vulnerabilities that Cellebrite exploits since 2011, and Cellebrite has been in a similar cat-and-mouse game with Samsung since 2016. But Carmil said he's confident that Cellebrite will stay ahead of those efforts.</p><p>"On a strategic level, on a tactical and operational level, definitely there is a race," Carmil said. "We are less concerned about the near futurethree to five yearsbecause we have enough assets and we are winning this race. And actually it's not that we are chasing after the vendor: The vendor is chasing after us."</p><p>Carmil also speculated that companies like Apple and Samsung may ultimately determine that it's in their best interests not to fight Cellebrite's technology. He argues that Cellebrite lets law enforcement collect information without creating the expectation that vendors need to cooperate with them.</p><p>Apple has previously <a href="https://www.axios.com/doj-apple-encryption-iphone-pensacola-richard-burr-0ec16e13-029f-49e7-bcf8-1b9fc7388188.html" target="_blank" rel="noopener noreferrer" data-stringify-link="https://www.axios.com/doj-apple-encryption-iphone-pensacola-richard-burr-0ec16e13-029f-49e7-bcf8-1b9fc7388188.html" data-sk="tooltip_parent">told prosecutors</a> that it can't open locked phones or break iMessage's end-to-end encryption and it and other tech firms are <a href="https://www.cnbc.com/2020/01/16/apple-fbi-backdoor-battle-is-about-more-than-two-iphones.html" target="_blank" rel="noopener noreferrer" data-stringify-link="https://www.cnbc.com/2020/01/16/apple-fbi-backdoor-battle-is-about-more-than-two-iphones.html" data-sk="tooltip_parent">vocally opposed to so-called "backdoors" for law enforcement, which they say hurt security for all users</a>. Representatives for Apple and Samsung did not respond to requests for comment.</p><p>"I might surprise you: I think that there is a coexistence here," he said. "I believe that the vendors needs companies like Cellebrite, not to mention that the law enforcement needs it as well. So I'm not that sure that there is an interest to close it automatically in the future."</p><h2>Cellebrite rolled out a software patch after Moxie Marlinspike published a vulnerability</h2><p>After Cellebrite <a href="https://www.bbc.co.uk/news/technology-55412230">boasted</a> that its technology could extract data from the encrypted messaging app Signal, MarlinspikeSignal's founder and CEO<a href="https://signal.org/blog/cellebrite-and-clickbait/">called the now-deleted post "pretty embarrassing"</a> for the company. Then, several months later, he published a <a href="https://signal.org/blog/cellebrite-vulnerabilities/">blog post</a> in April claiming he reverse engineered Cellebrite's physical analyzer and found a vulnerability that could corrupt extracted data.</p><p>"This could even be done at random, and would seriously call the data integrity of Cellebrite's reports into question," Marlinspike wrote, arguing that data extracted by Cellebrite devices in the past could have been spoiled if suspects ever exploited the vulnerability. At least one defense lawyer has already used the findings to <a href="https://www.vice.com/en/article/5dbpyq/lawyer-new-trial-cellebrite-signal-vulnerability">ask a judge to throw out data</a> obtained by Cellebrite's tools, but <a href="http://cyberlaw.stanford.edu/blog/2021/05/i-have-lot-say-about-signal%E2%80%99s-cellebrite-hack">legal experts say</a> Marlinspike's proof-of-concept is unlikely to devalue all previous Cellebrite data in the eyes of courts. </p><p>Carmil told Insider that Marlinspike achieved the exploit in a "sterile lab environment" and denied that there's evidence such an exploit has ever corrupted data extracted by Cellebrite in the real world. Nonetheless, he said the company took Marlinspike's findings "seriously" and updated its software to patch the vulnerability.</p><p>"Theoretically, everything is vulnerable," Carmil said, adding that the firm's "relationship today with 5,000 public sector customers" shows that "the results speak for themself."</p><p>Marlinspike also claimed that he found packages in Cellebrite's code signed by Apple, which appeared to be extracted from a Windows installer for iTunes, implying that Cellebrite violated Apple's copyright. While Carmil did not deny the existence of those packages, he told Insider that no copyright violation occured. </p><h2>Cellebrite is weighing its ethical obligations while forging into the private sector</h2><p>A number of high-profile criminal cases have hinged on Cellebrite's tools. In 2015, police in Leicestershire, UK used Cellebrite to extract Facebook Messenger records from the iPad of 15-year-old Kayleigh Haywood after she disappeared, discovering evidence that <a href="https://www.cellebrite.com/en/digital-media-investigators-define-investigation-workflows-allowing-every-officer-access-to-digital-evidence/">led to the arrest</a> of her suspected killer. </p><p>At the start of 2020, roughly 90% of Cellebrite's clients were government agencies, but has also been seriously pursuing private enterprises in recent years, Carmil said. The company expects private companies to comprise 20% of its business by the end of 2023. </p><p>"The private sector is a great opportunity," chief strategy officer Leeor Ben-Peretz told Insider, adding that private clients use Cellebrite for e-discovery in corporate security litigation and fraud cases. Companies are <a href="https://www.businessinsider.com/cybersecurity-hiring-demand-for-insider-threat-analysts-on-the-rise-2021-2">increasingly seeking out digital tools to help track down insider leaks</a>, a growing threat to corporate secrets. </p><p>But as the firm grows its base of enterprise clients, it's also ruling out certain government customers with track records of human rights abuses. It recently <a href="https://www.jpost.com/international/israeli-cellebrite-halts-phone-hacking-services-to-hong-kong-and-china-645034">stopped selling its tech</a> to countries like Russia, Belarus, and China after it emerged that those governments used Cellebrite tools against political dissidents.</p><p>Carmil said Cellebrite only wants to work with customers who align with its mission to "create a safer environment," adding that he recently hired a chief compliance officer to ensure the company doesn't violate sanctions imposed by the US, EU, or Israel.</p><p>"Especially now as we go public, we are very motivated by what we do. We wake up in the morning to help the forces that create a safer world," Carmil said. "We need to accelerate justice."</p><p><a href="https://www.businessinsider.com/cellebrite-ceo-going-public-apple-samsung-private-sector-moxie-marlinspike-2021-6#comments">Join the conversation about this story »</a></p> <p>NOW WATCH: <a href="https://www.businessinsider.com/what-happens-when-you-drink-too-much-water-intoxication-2018-11">What happens when you drink too much water</a></p>
Click here to read full news..
