Digital forensics firm with iPhone cracking technology lists Enforcement Directorate as one of its clients

Nextechno Gen, a Delhi-based cyber forensics firm, has access to tech from Cellebrite, an Israeli firm boasting of iPhone-cracking capabilities

April 09, 2024 11:14 pm | Updated April 11, 2024 10:36 am IST - New Delhi

Image used for representational purpose.

Image used for representational purpose. | Photo Credit: Reuters

The Enforcement Directorate (ED) is a client of a cyber forensics firm that has access to iPhone-cracking hardware, according to the firm’s website.

Nextechno Gen, a Delhi-based firm, lists the ED as a client. It also has a section on its website dedicated to Cellebrite, an Israeli tech firm that has acquired a global reputation for being able to break into Apple Inc.’s iPhones, which are advertised as secure.

Nextechno Gen’s connection with the ED comes at a time when the financial law enforcement agency has stated in court that Delhi Chief Minister Arvind Kejriwal has refused to cooperate in unlocking an iPhone that was seized from him; lawyers for Mr. Kejriwal, who has been in custody since his arrest last month, defended that refusal, arguing that investigators might leak the contents of his phone and serve partisan aims. Apple has told investigators that the company is by design unable to unlock a pin-protected device.

“As a practice, out of respect for our relationships, we do not divulge specific customer information,” Victor Cooper, a Cellebrite spokesperson said in a statement to The Hindu. Mr. Cooper confirmed that Cellebrite had an India office to “assist our customers”. He said Cellebrite’s products were required to be used by law enforcement agencies with transparency safeguards and agency-specific standard operating procedures.

Nextechno Gen did not respond to questions from The Hindu, and neither did the ED. Device cracking technology adds to the repertoire of Indian agencies’ access to digital surveillance tools — the Intelligence Bureau has access to Pegasus, developed by the Israeli NSO Group Technologies. Pegasus exploits unpatched vulnerabilities on smartphones, allowing attackers to spy on phone data and tap real time microphone and camera feeds. The Union government has not denied using Pegasus, and reported Pegasus infections in India continued even a year after a Forbidden Stories consortium investigation found that activists, journalists and politicians had been targeted with the spyware.

Access to software that breaks into secure devices has been sought by law enforcement agencies around the world. In 2017, India sought assistance from the United States to unlock the iPhone of Lashkar-e-Taiba operational commander Abu Dujana. Nextechno Gen, which has a section on its website linking to Cellebrite brochures, lists not only the ED as a client, but also the Bihar Police, the Kerala Police, Delhi’s Forensic Science Laboratory, the Indian Army, the Kolkata Police, and law enforcement agencies in Nepal and the Maldives. The tech portal MediaNama reported in 2022 that the Hyderabad Police and Maharashtra Police have used Cellebrite for device searches.

Indian law enforcement agencies do not typically disclose hacking tools they use for accessing electronic devices when their owners do not cooperate in unlocking them. In a leaked training video from Cellebrite last year, an instructor for the company asked law enforcement agencies to be “hush hush” about their device cracking capabilities, if they are using them.

Digital privacy advocates have argued that there need to be legal protections against arbitrary electronics seizures to safeguard the constitutional right against self-incrimination, a demand that has grown sharply as smartphones’ role in users’ daily lives expands.

Advocate Prasanna S. said that while people are generally protected against giving up passwords to their devices under Indian jurisprudence, the police generally have a wide berth in terms of finding such information themselves. However, he said, the scope of going through electronic devices for information in an investigation should be limited.

Mr. Prasanna is assisting petitioners in the Ram Ramaswamy v. Union of India case, which is one of multiple petitions calling for restrictions around device seizure. “Our argument is that [inspecting seized devices] requires a warrant, and even if you break in, you can’t completely clone all the data, and if you do, you can’t inspect everything except what you want,” he said. “If you’re alleging a conspiracy in a WhatsApp group, you can only see that group,” he argued.

0 / 0
Sign in to unlock member-only benefits!
  • Access 10 free stories every month
  • Save stories to read later
  • Access to comment on every story
  • Sign-up/manage your newsletter subscriptions with a single click
  • Get notified by email for early access to discounts & offers on our products
Sign in


Comments have to be in English, and in full sentences. They cannot be abusive or personal. Please abide by our community guidelines for posting your comments.

We have migrated to a new commenting platform. If you are already a registered user of The Hindu and logged in, you may continue to engage with our articles. If you do not have an account please register and login to post comments. Users can access their older comments by logging into their accounts on Vuukle.