Predaxia Research

Cellebrite UFED Premium

Cellebrite DI Ltd. · Israel

Active2024 leak confirmed2025 Marines leak

Confidence 5/5

VendorCellebrite DI Ltd. (Nasdaq: CLBT)

Country of originIsrael (HQ Petah Tikva)

Founded1999

Current statusActive. Publicly traded

US gov customers2,800+ per Cellebrite (Bloomberg 2023)

Use caseMobile forensics for law enforcement, intelligence, military

Suspended salesRussia and Belarus 2021, Myanmar post-coup

Predaxia GlossaryWhat it means in practicePlain-English explainer · Threat model · Action steps

Technical capabilities

Cellebrite UFED is a hardware and software platform used to extract data from seized mobile devices. The April 2024 documents leaked to 404 Media, confirmed authentic by Cellebrite communications director Victor Ryan Cooper, provide the most detailed publicly available picture of capability limits.

iOS support matrix (per April 2024 documents)

iPhone XR through iPhone 11 series: unlockable on iOS 17.1 to 17.3.1 via “Supersonic BF” brute-force capability.
iOS 17.4 and later: labeled “In Research”, meaning not unlockable at the time of the leak.
iPhone 12 and newer on iOS 17.1-17.3.1: labeled “Coming soon”, not currently unlockable.
iPhone 15 entire lineup: not exploitable.

Android support matrix

Broader coverage than iOS, but with major exceptions.
Google Pixel 6, 7, and 8 series: cannot be brute-forced when powered off.
Most consumer Android devices vulnerable in After First Unlock (AFU) state.

Customer states and agencies

Confirmed customers include US federal agencies (FBI, ICE, DEA, DHS, Secret Service), US state and local law enforcement, the US military (Marine Corps confirmed October 2025 leak), India, Saudi Arabia, the United Arab Emirates, Russia (sales suspended after the 2022 Ukraine invasion), Belarus (suspended 2021), Bangladesh, Indonesia, and Myanmar (used against journalists per Reuters reporting; Cellebrite suspended sales after the investigation).

Documented use against civilians and journalists

Brazilian police confirmed use against journalist suspects in a 2018 child murder investigation.
Belarus: deployment against political opposition pre-2021 sales suspension.
Myanmar: post-coup deployment against journalists and activists, leading to Cellebrite halting sales.
US local law enforcement: extensive use in routine investigations, documented by the Surveillance Technology Oversight Project (STOP).

Legal and sanctions status

Not on the US Entity List.
Publicly traded on Nasdaq under ticker CLBT.
April 2021: Signal’s Moxie Marlinspike published vulnerabilities in Cellebrite Physical Analyzer.
2021: Cellebrite suspended sales to Russia and Belarus following civil society pressure.
Suspended sales to Myanmar post-coup after Reuters reporting.

Technical countermeasures

GrapheneOS on Pixel 6, 7, 8: per the April 2024 documents, these devices powered off cannot be brute-forced.
iOS 18: automatic reboot after 72 hours of inactivity in locked state.
Strong alphanumeric passcode (10+ characters): exponentially increases brute-force time against UFED.
Powered-off state: most modern devices in BFU are significantly more resistant than in AFU.
Disable USB accessories on lock screen: iOS Settings → Face ID and Passcode → USB Accessories off.
Lockdown Mode (iOS 16+): partial mitigation for some attack vectors.

For journalists and lawyers. If a device has been seized, treat it as compromised even after return. Forensic copies persist indefinitely. Consider device replacement and review of all credentials accessible from the seized device.

Sources

Update log

February 11, 2026: Page launched. Initial sourcing through Citizen Lab, Amnesty Security Lab, Microsoft Threat Intelligence, Google TAG, Lookout, Kaspersky GReAT, US Treasury OFAC, court documents and investigative press.

There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.