Advertisement

Pasadena police banking on phone-hacking tool to solve cold case murder

An engineer shows devices, explains technology developed by Israeli firm Cellebrite to pull data from locked smartphones
An engineer displays devices developed by the Israeli firm Cellebrite in 2016. It takes only a few seconds for an employee of Cellebrite, one of the world’s leading hacking companies, to take a locked smartphone and pull the data from it.
(Jack Guez/ AFP via Getty Images)
Share via

For years, a locked cellphone belonging to the suspect in a Pasadena homicide sat in an evidence room as investigators sought a way to get around the device’s security measures.

Police might have finally caught a break.

Israeli mobile forensics firm Cellebrite has released a software update with a “Lock Bypass” feature that could allow police to access the suspect’s locked Samsung g550t phone and retrieve any evidence about the December 2015 slaying, according to a recently filed search warrant application.

As smartphones have become ubiquitous, law enforcement agencies across the U.S. have recognized their potential usefulness in criminal investigations — a vast trove of personal information about whom the users communicate with, where they shop and where they travel.

Advertisement

But police departments’ attempts to access phones have often put them at odds with companies such as Apple and Samsung, which market their devices’ built-in security and privacy to digital-savvy users.

It’s not clear from the warrant in the Pasadena case if investigators were able to bypass the phone’s passcode lock using the Cellebrite program or what, if any, data they extracted. But in an affidavit supporting the warrant, a Pasadena homicide detective wrote that he learned about the update in mid-January from a computer forensic examiner assigned to the Verdugo Regional Crime Laboratory.

“In January 2023, the Cellebrite program successfully bypassed the lock on a Samsung cellular telephone, for an unrelated investigation, with the new software update,” said the warrant, which seeks records from a month before the incident through Nov. 18, 2015, the date of the suspect’s arrest. “This search warrant seeks permission to search and seize records that may be found on [the suspect’s] cellular telephone in whatever form they are found as it relates to this homicide investigation.”

Advertisement

The simmering debate over cellphone privacy first spilled into the mainstream in 2016 after a mass shooting in San Bernardino.

At the time, Apple was resisting the FBI’s demands that it help unlock the iPhone 5C belonging to the shooter, Syed Rizwan Farook, setting off a contentious legal battle that was closely watched by privacy rights advocates and civil libertarians. Federal authorities eventually found another method for unlocking the phone, without Apple’s help. Farook and his 27-year-old wife and accomplice, Tashfeen Malik, were both killed in a gun battle with police after the shooting.

Phone infiltration technology has advanced at such lightning speed in the years since that today thousands of local police agencies have acquired the tools or have access to them through state and federal agencies, said Riana Pfefferkorn, a research scholar for Stanford’s Center for Internet and Society.

Advertisement

A 2020 study by the nonprofit Upturn found that at least 2,000 law enforcement agencies in all 50 states possess the technology to get into and extract data from locked phones.

Even as phone companies have tried to stay one step ahead with newer and more advanced operating systems, the Pasadena case underscores the lengths to which law enforcement will go to catch up, Pfefferkorn said.

“There’s just perennially a cat-and-mouse game between the people who make cellphones and the people who make digital forensic devices,” she said. “People still have a need for privacy, and there’s still a possibility for the misuse of this kind of technology in the hands of police.”

Robert Calderon poses in front of the Golden Gate Bridge
Two weeks before he was killed, Robert Calderon poses in front of the Golden Gate Bridge during a family trip to San Francisco.
(Calderon family)

The Samsung phone at the center of the Pasadena case belongs to a 44-year-old man who police have long suspected of pulling the trigger in the Dec. 18, 2015, fatal shooting of Robert Calderon. Relatives and police say Calderon, a 27-year-old apprentice electrician from Altadena, had dropped his mother off at an office holiday party and gotten together with friends before he was gunned down.

Investigators found a trail of blood starting at the center of the street to the grassy strip between the curb and sidewalk, where Calderon collapsed. But in the months that followed the trail went cold, hampered by witnesses’ reluctance to speak with police.

Detectives eventually developed a suspect, who they said had been seen arguing with Calderon inside a parked vehicle moments before the shooting. After his arrest in 2018, they seized his phone and obtained a search warrant to “forensically process” it with an earlier version of the Cellebrite software, the warrant said. But that attempt yielded only “a limited extraction of the data from the cellular telephone due to a lock that required a passcode,” it said.

Police turned the case over to the Los Angeles County district attorney’s office, but prosecutors declined to file charges due to insufficient evidence, according to the warrant.

Police said they hope the latest version of Cellebrite will help them establish the suspect’s “ownership” of the phone. The department declined to comment, citing the ongoing investigation.

Founded in 1999, Cellebrite produces mobile extraction software and data extraction devices that many law enforcement agencies use. It continues to roll out new products, including one named Pathfinder, which uses artificial intelligence to filter and analyze vast amounts of data.

Advertisement

The company has in recent years sought to push back on what it’s called unfair media coverage, writing on its website that it doesn’t sell its products to an agency without first researching them thoroughly.

“Before we even consider granting a customer access to our technology, we examine its recent and long-term human rights record and look at any other factors that we consider restrictive,” the company’s website says. “Our sales decisions are also guided by strict internal parameters, which consider a potential customer’s human rights record and anti-corruption policies and reflect the input of our Executive Team, Compliance Officer, and Ethics & Integrity Committee.”

The company didn’t respond to an email Thursday.

The LAPD has been a Cellebrite customer for years, department observers and documents say. In its 2023-24 budget proposal, the department wrote that its Technical Investigations Division was using a software called Cellebrite Premium, which expands its “access to data on locked mobile devices, provides investigative leads for officers, and preserves evidence.”

An email to the head of the division went unreturned on Thursday.

Pfefferkorn, the Stanford researcher, said that even non-lawbreakers should be wary of these recent technological advancements and take steps to secure their mobile devices against both malicious attacks and potential hacks.

This, she said, is particularly true “if you’re going out to a protest, if you’re going to a political meeting or some other place where there might be a heightened risk of being arrested or having your phone seized.”

Times staff writer Richard Winton contributed to this report.

Advertisement