Researchers have found forensic evidence suggesting that Kenyan authorities used Cellebrite’s phone-cracking technology on the device of a prominent human rights activist after arresting him, according to a report published Tuesday.
The University of Toronto’s Citizen Lab said the intrusion is a sign of growing abuse of Cellebrite’s technology. According to the report, after his widely criticized arrest in July amid mass protest, Boniface Mwangi noticed that his personal phone no longer required a password to access. The government initially suggested it might pursue terrorism charges, but later backed away from that and instead filed lesser offenses.
After the incident, Mwangi gave his phone to Citizen Lab for forensic analysis. The group said it found evidence of Cellebrite’s use, potentially to extract data from his device.
Mwangi told CyberScoop he felt a “very strong feeling of violation” after that, as his phone contained family photos, conversations with loved ones and even his plans for running for president, a bid he announced in August.
“I’ve been shot, I’ve been jailed, I’ve been tortured, I’ve been assaulted in many, many ways,” he continued. “So this is more emotional than physical, because I feel like someone was in your private thoughts — the things that you think, that you think should never be public.”
Citizen Lab said the incident showed that Cellebrite’s claims of safeguards against abuse via an ethics committee aren’t sufficient.
“Boniface Mwangi’s case wasn’t the first Cellebrite abuse case, and it won’t be the last, because Cellebrite has a global abuse problem,” John Scott-Railton, senior researcher at the organization, told CyberScoop. “When Cellebrite sells their technology to a security service with a track record of abuses, journalists, activists, and people speaking their conscience are at risk. It’s time for Cellebrite to take action and prove that their ethics committee isn’t a Potemkin village and their vetting procedures aren’t just empty platitudes.”
The U.S. government, including the Immigration and Customs Enforcement agency, also uses Cellebrite’s products and services.
Citizen Lab sent Cellebrite a list of questions, but the company did not respond to them. Cellebrite did, however, defend its approach in a response to CyberScoop.
“Cellebrite maintains a rigorous process for reviewing allegations of technology misuse,” said Victor Cooper, a company spokesperson. “When credible, substantiated evidence is presented directly to our team, we investigate thoroughly and take decisive action, up to and including license termination.
“We do not respond to speculation and encourage any organization with specific, evidence-based concerns to share them with us directly so we can act on them,” he continued.
“Cellebrite operates under stringent compliance and ethics frameworks. We stand behind our vetting processes, our Ethics & Integrity Committee and our record of enforcement.”
Neither a spokesperson for the Kenyan government nor the Kenyan embassy in Washington, D.C. answered requests for comment Monday.
The post Citizen Lab links Cellebrite to the hacking of a Kenyan presidential candidate’s phone appeared first on CyberScoop.
–
Read More – CyberScoop
