For years, a locked cell phone belonging to the suspect in a Pasadena murder case sat in an evidence room as investigators searched for a way to bypass the device’s security measures.
The police may have finally caught a break.
Israeli mobile forensics company Cellebrite has released a software update that includes a “Lock Bypass” feature that would allow police to access the suspect’s locked Samsung g550t phone and uncover any evidence related to the December 2015 murder. according to a recently filed search warrant application.
As smartphones have become ubiquitous, law enforcement agencies in the US have recognized their potential utility in criminal investigations – a vast trove of personal information about who users interact with, where they shop, and where they travel.
But police forces’ attempts to access phones have often put them at odds with companies like Apple and Samsung, which market their devices’ built-in security and privacy to digitally savvy users.
It’s not clear from the order in the Pasadena case whether investigators were able to bypass the phone’s passcode using the Cellebrite program or what data, if any, they extracted. But in an affidavit supporting the warrant, a Pasadena homicide detective wrote that he learned about the update in mid-January from a forensic computer examiner assigned to the Verdugo Regional Crime Laboratory.
“In January 2023, the Cellebrite program successfully bypassed the lock on a Samsung mobile phone, for an unrelated investigation, with the new software update,” said the warrant, which seeks data from a month before the incident through to with November 18, 2015. the date of the suspect’s arrest. This search warrant requests permission to search and seize documents that may be on [the suspect’s] mobile phone in any form found in connection with this murder investigation.”
The simmering debate over cell phone privacy first hit the mainstream in 2016 after a mass shooting in San Bernardino.
At the time, Apple resisted the FBI’s demands to help unlock the gunman’s iPhone 5C, Syed Rizwan Farook, sparking a contentious legal battle closely watched by privacy rights advocates and civil libertarians. Federal authorities eventually found another method to unlock the phone, without Apple’s help. Farook and his 27-year-old wife and accomplice, Tashfeen Malik, were both killed in a shootout with police after the shooting.
Phone infiltration technology has advanced so rapidly in recent years that today thousands of local police departments have acquired the tools or have access to them through state and federal agencies, said Riana Pfefferkorn, a researcher for Stanford’s Center for Internet and Society.
A 2020 study by the nonprofit organization Upturn found that at least 2,000 law enforcement agencies in all 50 states have the technology to access and extract data from locked phones.
Even as phone companies have tried to stay one step ahead with newer and more sophisticated operating systems, the Pasadena case underscores how far law enforcement will go to catch up, Pfefferkorn said.
“There’s just always a game of cat and mouse between the people who make cell phones and the people who make digital forensics,” she said. “People still need privacy, and there’s still an opportunity for this kind of abusive technology in the hands of the police.”
The Samsung phone at the center of the Pasadena case belongs to a 44-year-old man long suspected by police of pulling the trigger in the deadly shooting of Robert Calderon on December 18, 2015. Relatives and police say that Calderon, a 27-year-old apprentice electrician from Altadena, had dropped off his mother at an office holiday party and gathered with friends before he was shot.
Investigators found a trail of blood that began in the middle of the street to the grassy strip between the curb and sidewalk, where Calderon collapsed. But in the months that followed, the trail went cold, hampered by witnesses’ unwillingness to talk to police.
Detectives eventually developed a suspect, who they said was seen arguing with Calderon in a parked vehicle just before the shooting. After his arrest in 2018, they seized his phone and obtained a search warrant to “forensically process” it with an earlier version of the Cellebrite software, the warrant said. But that attempt yielded only “limited extraction of the cell phone’s data due to a lock that required a passcode,” it said.
Police turned the case over to the Los Angeles County District Attorney’s office, but prosecutors declined to press charges due to insufficient evidence, according to the warrant.
Police said they hope the latest version of Cellebrite will help them establish the suspect’s “ownership” of the phone. The ministry declined to comment, citing the ongoing investigation.
Founded in 1999, Cellebrite produces mobile extraction software and data extraction devices used by many law enforcement agencies. It continues to roll out new products, including one called Pathfinder, which uses artificial intelligence to filter and analyze massive amounts of data.
In recent years, the company has tried to counter the so-called unfair media coverage by writing on its website that it does not sell its products to an agency without first thoroughly researching them.
“Before even considering granting a customer access to our technology, we research the recent and long-standing human rights record and look at other factors that we consider limiting,” the company’s website said. “Our sales decisions are also guided by strict internal parameters, which take into account a potential client’s human rights record and anti-corruption policies, and reflect input from our Executive Team, Compliance Officer and Ethics & Integrity Committee.”
The company did not respond to an email on Thursday.
The LAPD has been a customer of Cellebrite for years, department observers and documents say. In its 2023-24 budget proposal, the department wrote that the Department of Technical Investigations used a software called Cellebrite Premium, which expands its “access to data on locked-down mobile devices, provides investigative prompts for officers, and preserves evidence.”
An email to the head of the division went unanswered on Thursday.
Pfefferkorn, the Stanford researcher, said even non-lawbreakers should be wary of these recent technological advancements and take steps to secure their mobile devices from both malicious attacks and potential hacks.
This, she said, is especially true “if you’re going to a protest, if you’re going to a political rally or any other place where there’s an increased risk of getting arrested or having your phone confiscated.”
Times staff writer Richard Winton contributed to this report.
This story originally appeared in the Los Angeles Times.