The company, Cellebrite, which specializes in developing tools for digital forensic investigations, is reported to have sold its phone-hacking software known as Universal Forensic Extraction Device -UFED, to the Ugandan police and other security services.
Human rights groups have asked
the Israeli Defence Ministry to stop permitting its company to sell its phone
hacking tool to Uganda, claiming it is used for rights abuses.
The company, Cellebrite, which specializes
in developing tools for digital forensic investigations, is reported to have
sold its phone-hacking software known as Universal Forensic Extraction Device -UFED,
to the Ugandan police and other security services. The software enables
enforcement authorities to hack into password-protected cell phones and retrieve
all the information they contain.
Uganda Police Force reportedly
uses the same technology, the UFED cloud analyzer to extract data from online storage
services like dropbox, google drive, OneDrive and Apple’s iCloud. Although
Cellebrite publications explain that remote access is only possible if the account
holder provides the password, an IT specialist who preferred anonymity said
that the user of the system is actually able to extract days from the cloud
services installed on the hacked phone.
But Israeli Human Rights Lawyer Eitay
Mack is leading a campaign to demand that UFED should not be sold to Uganda. Mack, one of Israelis’ leading
voices against arms sales to human rights violators is leading several human rights organizations which signed a letter to the
Defense Ministry stating that Uganda is using the software to oppress critics. The
Defense Ministry’s Defense Export Control Agency monitors and approves sales of
security technologies abroad.
The letter, which is also copied
to the supplier Cellebrite, detailed murders, kidnappings, and torture of human
rights activists, dissidents, and members of the opposition. They also made
reference to a 2021 Country Reports on Human Rights Practices, published by the
US Department of State which highlighted a series of state-instigated
violations against Ugandans.
The report faulted the government
and its security forces for participating in arbitrary killings, forced disappearances,
cruel, inhuman, or degrading treatment of suspects and torture. The same report
also points to restrictions on free expression including violence and unjustified
arrests or prosecution of journalists, and overly restrictive laws on the funding
or operation of nongovernmental organizations and civil society organizations.
But Cellebrite said its products
were sold to Uganda’s police and security services to fight serious crime and
terror, according to a report by The Times of Israeli and Haartez.com. The two
publications quote Cellebrite saying that it always ensures that its tools are
only used for legal and ethical purposes.
The same report quotes the
company saying that it is committed to its mission of creating a safer world through
providing solutions to law enforcement organizations while ensuring legal and ethical
use of its products. “We have developed strict means of oversight that will
ensure proper use of our technology in the context of investigations carried
out under the law.
The company has also insisted
that it requires potential clients to demonstrate they have the authority to
access an iPhone or Android device before making their product available. It
has also been saying the technology’s dependence on physically interfacing with the
phones means it is unlikely to be misused.
But critics have noted that
Cellebrite has had difficulty ensuring kits it has sent to clients remain with
In February 2019, Cellebrite phone hacking kits were found on sale
on eBay, while some clients have not returned the kits to Cellebrite after use,
as the company requests. There are also fears a Cellebrite kit could be
reverse-engineered to uncover vulnerabilities that the company continues to
keep hidden from the cellphone makers.
Cellebrite has sold the same software
to Belarus, China, Hong Kong, Venezuela, Indonesia, Russia, the Philippines,
The Israeli Defense Ministry
claims that there is tight and effective oversight of Israeli cyber products
sold abroad and that it puts human rights at the forefront when permitting the
sale of cyber tools.
Yusuf Sewanyana, the director of the Police's ICT Directorate told URN that although the technology was procured, it is not in use at the moment.
//Cue in; "what I know...
Cue... use it for."//
Last year, an advanced spyware
Pegasus, created by another Israeli firm NSO Group was reportedly detected on at least
11 iPhones used by US officials in Uganda, as well as locals working for the Embassy. According to a report which
was published by the Washington Post, the targeted individuals were notified by
Apple that their devices had been hacked.
NSO has previously said Pegasus can’t be used against US-based devices, Americans
working overseas can and often do acquire local phone numbers, which may be
vulnerable to Pegasus attacks. A report by the New York
Times indicated that the targets were easily identifiable as State Department employees
because they had used their professional email addresses to create Apple IDs.
NSO Group maintains that
governments that purchase Pegasus are carefully vetted and are not to use the
product except for specific purposes; however, the company has repeatedly sold
Pegasus to countries known to use surveillance technology to track dissidents,
lawyers, journalists, and other members of civil society.