System hacking

Chinese Police Kept Buying Cellebrite Phone Crackers After Cellebrite Said It Ended Sales


In its bid to go public next week, Israeli cellphone hacking company Cellebrite has tried to present itself as a defender of global human rights, highlighting its withdrawal from Bangladesh, Belarus, China, Hong Kong, Russia, and Venezuela. In a presentation to investors filed with the U.S. Securities and Exchange Commission earlier this month, the company claimed that its mission was to “protect and save lives, accelerate justice and preserve privacy in global communities.”

But even after Cellebrite said it withdrew from China and Hong Kong, an Intercept investigation has found, police on the mainland continued to buy the company’s Universal Forensic Extraction Device, or UFED, products, which allow officers to break into phones in their possession and siphon off data. While Cellebrite did deregister its Chinese subsidiary earlier this year, it appears to have done little about the brokers that peddle its hacking technology. Chinese government procurement award notices and posts on resellers’ websites show that police have continued to purchase powerful Cellebrite software, while resellers have continued to provide updates for the software. In one case, a reseller reported delivering the Israeli company’s software to border guards in Tibet and demonstrating how it could be used to search people’s WeChat accounts.

The findings follow reports of abuses involving Cellebrite technology elsewhere in the world — including in Bahrain, Botswana, Indonesia, India, and Saudi Arabia — that the company has not meaningfully addressed. “Cellebrite hasn’t demonstrated that they have made serious efforts to investigate the misuse of their technology,” said Natalia Krapiva, tech legal counsel for AccessNow. “It seems it’s a part of their business model that they are just selling their technology to whoever will buy it, without any concern for what the consequences will be.”

Cellebrite aims to soon go public through a merger with a special purpose acquisition company, a blank-check firm formed for the sake of the IPO. Shareholders in that company, TWC Tech Holdings II Corp., will vote on the merger Friday. Cellebrite said in filings that it expects to go public shortly after the shareholder vote.

“They are just selling their technology to whoever will buy it, without any concern for what the consequences will be.”

In response to a detailed list of questions, a public relations firm hired by Cellebrite sent a statement. “Cellebrite has developed a strong compliance framework, and our sales decisions are guided by internal parameters, which consider a potential customer’s human rights record and anti-corruption policies,” the statement reads. “Cellebrite remains committed to safeguarding human rights and has developed strict controls ensuring that our technology is used appropriately in legally sanctioned investigations.”

The company did not respond to specific findings about the continued sale of its products in China.

The revelations raise questions about Cellebrite’s ability to tamp down human rights controversies going forward, a key issue for the company. AccessNow has called on the Nasdaq stock exchange to decline to approve Cellebrite’s listing.

Another Israeli digital forensics company, NSO Group, has made headlines over the past few months after its Pegasus spyware was found on the phones of journalists, human rights activists, and other prominent figures, suggesting that they had been remotely hacked. Cellebrite’s sweet spot is different. It is best known for its UFED products, which require physical access to a target’s phone but are both easy to use and relatively inexpensive. Police in China seem to favor UFED 4PC, a program that allows them to break into phones when they are connected to an investigator’s desktop computer. Cellebrite also sells portable field hacking devices, the smallest of which is around the size of an iPad. The Israeli company, which is a subsidiary of the Japan-based Sun Corporation, claimed in a recent SEC filing that its products are used by the 20 largest police departments in the United States. In 2019, OneZero obtained a contract that revealed the use of Cellebrite technology by the Manhattan District Attorney’s Office.

Joshua Wong, secretary-general of the Demosisto political party, wears a protective face mask as he uses his smart phone during a news conference to announce his bid to enter into the unofficial pro-democratic camp primary election for the Legislative Council in Hong Kong, China, on Friday, June 19, 2020. To overcome fractures between the moderates and more radical localists, legal scholar Benny Tai is attempting to organize an unofficial primary on July 11 and July 12 to select favored candidates in each district. Photographer: Chan Long Hei/Bloomberg via Getty Images

Pro-democracy leader Joshua Wong said Hong Kong police used Cellebrite technology to hack his phone.

Photo: Chan Long Hei/Bloomberg via Getty Images

Human rights groups have repeatedly sounded the alarm about policing in China, where security officials have used predictive policing software, facial recognition, and internet snooping to surveil ethnic minorities and other targeted groups. Cellebrite’s UFEDs can give police access to years’ worth of data. “The use of hacking is both targeted on dissidents and activists throughout China, but also routine in a place like Xinjiang,” the region where Chinese authorities have severely repressed Muslim Uyghurs, said Maya Wang, senior China researcher at Human Rights Watch. “And in both cases it could lead to people being imprisoned arbitrarily, because there’s no rule of law in China in essence.” People in Xinjiang have reported being forced at police checkpoints to plug their phones into devices.

In October 2020, following an outcry over the use of its products to surveil Hong Kong protesters, Cellebrite announced that it would leave China and Hong Kong “effective immediately.”

For years before that, the company quietly built up a presence in the region. Cellebrite established a subsidiary in Beijing in September 2015, as the Chinese government was investing heavily in surveillance technology. According to LinkedIn, the company eventually hired a sales director for greater China. A source familiar with the telecommunications industry in China said that in addition to sales staff, Cellebrite also hired researchers in the country.

“It could lead to people being imprisoned arbitrarily.”

Many of the Cellebrite researchers who spend their days collecting vulnerabilities in different cellphone models are based at its campus in Petah Tikva, Israel, where they are recruited from other tech companies or from the Israeli military’s famed signals intelligence arm Unit 8200. But the company also had projects in the works at the time that would have benefited from a research presence in China. It boasts that its UFED CHINEX software add-on can help police extract data from certain Chinese-made phones, for example.

Cellebrite declined to comment on the size of its China operation or on whether it employed researchers there prior to its withdrawal from the market. As Cellebrite prepared to exit China, an Israeli lawyer in Shanghai was made the company’s chief representative there. When reached by phone, she hung up.

In 2016, when Apple refused to help the FBI gain access to the iPhone of the San Bernardino shooter, one of two assailants in a shooting that left more than a dozen people dead, it…


Read More:Chinese Police Kept Buying Cellebrite Phone Crackers After Cellebrite Said It Ended Sales

Products You May Like