Human rights groups have reportedly asked the Defense Ministry to stop permitting an Israeli company to sell its phone hacking tool to Uganda, claiming it is used for rights abuses.
Cellebrite has sold its UFED phone-hacking software to the Ugandan police and security services, Haaretz reported Wednesday.
UFED makes it possible to break into password-protected phones and retrieve all the information they contain.
Several human rights groups signed on to the letter sent to the Defense Ministry penned by human rights attorney Eitay Mack, one of the country’s leading voices against arms sales to human rights violators.
In it they asked that UFED no longer be sold to Uganda, where President Yoweri Museveni has been in power for 35 years. The Defense Ministry’s Defense Export Control Agency monitors and approves sales of security technologies abroad.
According to Mack, Uganda has been using the UFED product since 2017. The letter detailed murders, kidnappings, and torture of human rights activists, dissidents, and members of the LGBT community and members of the opposition.
The Defense Ministry claims that there is tight and effective oversight of Israeli cyber products sold abroad and that it puts humans rights at the forefront when permitting the sale of cyber tools.
Cellebrite said its products were sold to Uganda’s police and security services to fight serious crime and terror. The company says it ensures that its tools are only used for legal and ethical purposes.
Aside from Uganda, Cellebrite has reportedly marketed its products to other regimes accused of rights abuses such as those of Belarus, China, Hong Kong, Venezuela, Indonesia, Russia, the Philippines, and the Bangladesh police RAB group.
In 2020 rights activists asked that Cellebrite be blocked from selling its tool to Belarus.
Software by the Petah Tikva-based Cellebrite was reportedly used by the FBI in 2016 to hack into the iPhone of the San Bernardino shooter, after Apple refused the US government’s request to build a backdoor into its famously secure operating system.
Cellebrite’s technology does not work remotely. It requires a specially designed device to be physically connected to the phone being hacked.
Cellebrite has faced widespread criticism for its refusal to reveal its methods to Apple so the tech giant’s security technicians can seal up the vulnerabilities.
The company has long argued that its help to law enforcement agencies brings greater benefit to the public.
The company has also insisted that it requires potential clients to demonstrate they have the authority to access an iPhone or Android device before making their product available. It has also said the technology’s dependence on physically interfacing with the phones means it is unlikely to be misused.
But critics have noted that Cellebrite has had difficulty ensuring kits it has sent to clients remain with the clients. In February 2019, Cellebrite phone hacking kits were found on sale on eBay, while some clients have not returned the kits to Cellebrite after use, as the company requests.
There are also fears a Cellebrite kit could be reverse-engineered to uncover vulnerabilities that the company continues to keep hidden from the cellphone makers.