Ethical Hacking News
Citizen Lab reveals evidence of Cellebrite tool being used to break into Kenyan activist's phone, raising concerns about potential misuse by government clients. The incident highlights the ongoing risks associated with using surveillance tools without adequate safeguards and the need for greater transparency and accountability.
Cellebrite tools have been used by law enforcement agencies with concerns over potential abuse and misuse, particularly against human rights activists.
A recent case in Kenya reveals that Cellebrite's forensic extraction tool was used to break into the phone of a dissident activist, Boniface Mwangi, without his consent.
Similar misuse has been reported in Jordan, where officials allegedly used Cellebrite to extract information from activists and human rights defenders.
A report by Amnesty International found that an Angolan journalist's iPhone was targeted by Intellexa's Predator spyware, which appeared to have been successfully re-infected multiple times.
Experts warn of the risks associated with using commercial spyware like Pegasus and Predator, highlighting the need for stronger regulations and oversight mechanisms.
The use of Cellebrite tools by law enforcement agencies has long been a topic of controversy, with many human rights organizations and cybersecurity experts raising concerns about the potential for abuse and misuse of these tools. The latest revelation from the Citizen Lab, an interdisciplinary research unit at the University of Toronto's Munk School of Global Affairs & Public Policy, sheds new light on this issue. According to the Citizen Lab, Cellebrite's forensic extraction tool was used by Kenyan authorities to break into the phone of Boniface Mwangi, a prominent dissident and pro-democracy activist who has announced plans to run for president in 2027.
The incident occurred in July 2025, when Mwangi was arrested by police following a complaint filed against him. The Citizen Lab's research suggests that Cellebrite's tool was used on his Samsung phone while it was in police custody, allowing the authorities to potentially extract all materials from the device, including messages, private materials, personal files, financial information, passwords, and other sensitive information.
The use of Cellebrite's tool has been confirmed through a forensic analysis of the phone, which revealed indicators consistent with the software being used on or around July 20 and July 21, 2025. The Citizen Lab noted that this was not an isolated incident, as officials in Jordan had also likely used Cellebrite to extract information from the mobile phones of activists and human rights defenders who had been critical of Israel and spoke out in support of Palestinians in Gaza.
The Jordanian authorities' use of Cellebrite's tool on these devices took place between late 2023 and mid-2025, according to the Citizen Lab. The incident adds to a growing body of evidence documenting the misuse of Cellebrite technology by government clients, as well as the broader ecosystem of surveillance abuses carried out by various governments around the world using mercenary spyware like Pegasus and Predator.
The case also coincides with another report from Amnesty International, which discovered evidence that the iPhone belonging to Teixeira Cândido, an Angolan journalist and press freedom advocate, was successfully targeted by Intellexa's Predator spyware in May 2024 after he opened an infection link received via WhatsApp. The Predator spyware infection appears to have lasted less than one day, with the infection being removed when Teixeira Cândido's phone was restarted in the evening of 4 May 2024. From that time until 16 June 2024, the attackers made 11 new attempts to re-infect the device by sending him new malicious Predator infection links. All of these subsequent attack attempts appear to have failed, likely due to the links simply not being opened.
According to an analysis published by French offensive security company Reverse Society, Predator is a commercial spyware product "built for reliable, long-term deployment" and allows operators to selectively enable or disable modules based on target activity, granting them real-time control over surveillance efforts. This level of sophistication highlights the potential risks associated with using such tools, as well as the need for governments and law enforcement agencies to exercise caution and follow due process when using these technologies.
The case serves as a reminder that the misuse of technology by government clients can have serious consequences for civil society and human rights activists. It also underscores the importance of transparency and accountability in the use of surveillance tools, as well as the need for stronger regulations and oversight mechanisms to prevent such abuses from occurring in the future.
In response to the findings, a spokesperson for Cellebrite told The Guardian that the company's technology is used to "access private data only in accordance with legal due process or with appropriate consent to aid investigations legally after an event has occurred." However, this response fails to address the broader concerns about the misuse of these tools by government clients and the potential risks associated with their use.
As the world grapples with the challenges of modern surveillance and cybersecurity threats, it is essential that we prioritize transparency, accountability, and due process in the use of surveillance tools. The misuse of Cellebrite's tool in Kenya serves as a reminder of the need for stronger regulations and oversight mechanisms to prevent such abuses from occurring in the future.
Related Information:
https://www.ethicalhackingnews.com/articles/Cellebrite-Tool-Used-to-Break-into-Kenyan-Activists-Phone-Citizen-Lab-Reveals-ehn.shtml
https://thehackernews.com/2026/02/citizen-lab-finds-cellebrite-tool-used.html
https://citizenlab.ca/research/cellebrite-used-on-kenyan-activist-and-politician-boniface-mwangi/
Published: Thu Feb 19 09:11:00 2026 by llama3.2 3B Q4_K_M