Cellebrite

Cellebrite is an Israeli digital forensics company founded in 1999, public on Nasdaq since 2021 (CLBT). Its flagship product, the UFED (Universal Forensic Extraction Device), is the most widely deployed mobile forensic tool in law enforcement and intelligence services worldwide. Customer base: federal agencies in over 100 countries, plus state and local police, military, intelligence services, customs, and immigration.

What it means in practice

What Cellebrite actually does is extract data from a seized phone faster and more completely than the operating system would let any user do. UFED Logical pulls what the OS exposes (recent messages, contacts, call logs). UFED Physical attempts a bit-for-bit acquisition of storage including deleted content. UFED Premium targets recent iPhones and Androids with techniques that change every few months as Apple and Google patch the vulnerabilities Cellebrite exploits. Effectiveness depends on three variables: device model, OS version, and whether the device was seized in BFU (Before First Unlock, encryption keys not in memory) or AFU (After First Unlock, keys partially loaded). A modern iPhone running the latest iOS, seized BFU, with a long alphanumeric passcode, currently exceeds Cellebrite’s public capabilities.

Who uses it, and against whom

The customer list spans US federal agencies (FBI, ICE, DHS, ATF, USSS), every major state police force, and customs at ports of entry, plus international customers: UK police, Israeli services, Singapore, and several EU countries documented through procurement records. Authoritarian governments are also customers: Cellebrite has confirmed sales to Belarus, Russia (suspended after 2022), Saudi Arabia, Bahrain, and others where deployments against journalists and activists have been documented by Citizen Lab and Access Now. Against whom: anyone whose phone is seized at a border, at a protest, in a domestic raid, after an arrest, or during a custody-dispute device exchange. The technology is industrial; the legal threshold for using it varies wildly by jurisdiction.

What you can change today

Three concrete actions before any high-risk situation. First, switch the device passcode from a 6-digit PIN (brute-forceable in hours) to an alphanumeric passphrase of 10+ characters. Second, before any border crossing or risky event, power the device fully off (not lock screen, fully off) so that on next boot it lands in BFU state where Cellebrite’s capabilities are sharply reduced. Third, on iPhone, enable USB Restricted Mode in Settings (Face ID & Passcode) so the Lightning port disables data transfer one hour after the last unlock; on Android, enable lockdown mode and remove biometrics from the lock-screen options for the duration of the trip.
