cellebrite-china-cellphone-hack - Arkansas Surveillance Wiki

# The Intercept — "Chinese Police Kept Buying Cellebrite Phone Crackers After Company Said It Ended Sales" (Aug 26 2021) > *This is an August 26, 2021 investigative report by Mara Hvistendahl for The Intercept, published days before Cellebrite's planned IPO. It documents that even after Cellebrite's October 2020 announcement that it had withdrawn from China and Hong Kong, mainland police continued to procure its UFED phone-extraction products through resellers, and it catalogs the broader pattern of Cellebrite abuses (Bahrain, Botswana, Indonesia, India, Saudi Arabia, Myanmar) and the company's own compliance claims. Critically, the piece distinguishes Cellebrite (physical-access phone extraction via UFED) from NSO Group's Pegasus spyware (remote hacking) — a distinction this investigation must preserve. It matters to the Arkansas surveillance investigation because Cellebrite is among the surveillance vendors adopted by Arkansas law-enforcement agencies, and this is among the strongest established-journalism accounts of the gap between the vendor's stated human-rights position and its documented conduct.* ## Source metadata - **Publisher:** The Intercept (author: Mara Hvistendahl) - **URL:** https://theintercept.com/2021/08/26/cellebrite-china-cellphone-hack/ - **Archived:** 2026-06-07 via firecrawl_scrape - **Tier:** 3 (established investigative journalism) ## Extract — verbatim (lightly cleaned) > In its bid to go public next week, Israeli cellphone hacking company Cellebrite has tried to present itself as a defender of global human rights, highlighting its withdrawal from Bangladesh, Belarus, China, Hong Kong, Russia, and Venezuela. In a presentation to investors filed with the U.S. Securities and Exchange Commission earlier this month, the company claimed that its mission was to "protect and save lives, accelerate justice and preserve privacy in global communities." > But even after Cellebrite said it withdrew from China and Hong Kong, an Intercept investigation has found, police on the mainland continued to buy the company's Universal Forensic Extraction Device, or UFED, products, which allow officers to break into phones in their possession and siphon off data. ... In one case, a reseller reported delivering the Israeli company's software to border guards in Tibet and demonstrating how it could be used to search people's WeChat accounts. > The findings follow reports of abuses involving Cellebrite technology elsewhere in the world — including in Bahrain, Botswana, Indonesia, India, and Saudi Arabia — that the company has not meaningfully addressed. "Cellebrite hasn't demonstrated that they have made serious efforts to investigate the misuse of their technology," said Natalia Krapiva, tech legal counsel for Access Now. "It seems it's a part of their business model that they are just selling their technology to whoever will buy it, without any concern for what the consequences will be." > In response to a detailed list of questions, a public relations firm hired by Cellebrite sent a statement. "Cellebrite has developed a strong compliance framework, and our sales decisions are guided by internal parameters, which consider a potential customer's human rights record and anti-corruption policies," the statement reads. "Cellebrite remains committed to safeguarding human rights and has developed strict controls ensuring that our technology is used appropriately in legally sanctioned investigations." The company did not respond to specific findings about the continued sale of its products in China. > Access Now has called on the Nasdaq stock exchange to decline to approve Cellebrite's listing. > Another Israeli digital forensics company, NSO Group, has made headlines over the past few months after its Pegasus spyware was found on the phones of journalists, human rights activists, and other prominent figures, suggesting that they had been remotely hacked. Cellebrite's sweet spot is different. It is best known for its UFED products, which require physical access to a target's phone but are both easy to use and relatively inexpensive. ... The Israeli company, which is a subsidiary of the Japan-based Sun Corporation, claimed in a recent SEC filing that its products are used by the 20 largest police departments in the United States. > In October 2020, following an outcry over the use of its products to surveil Hong Kong protesters, Cellebrite announced that it would leave China and Hong Kong "effective immediately." ... On October 7, 2020, Cellebrite relented and announced that "effective immediately" it would stop selling products and services to China and Hong Kong. The company claimed that it had made the change to comply with new U.S. regulations. > Then came a major public relations crisis. In December 2019, amid massive protests in Hong Kong over a proposed extradition bill, police there seized the phone of activist Joshua Wong. Although Wong refused to hand over the password, he said that police managed to access his WhatsApp conversations. Wong later said that police had used Cellebrite technology to access his phone. ... Over the course of the 2019 protests, police had taken thousands of phones from protesters. > "What you can do with the UFED is detain a protest leader, get all the information about them and their connections, and then very quickly cut the opposition," said Eitay Mack, a human rights lawyer who has unsuccessfully petitioned Israeli regulatory bodies to change how Cellebrite's technology is regulated. > But Mack, the human rights lawyer, said that the findings from China fit with a pattern seen elsewhere in the world: When Cellebrite withdraws from a country under pressure from human rights activists and the press, it does not take sufficient steps to disable the equipment that is already in the region. In 2019, Cellebrite's former broker in Myanmar told the Washington Post that police there still had access to UFEDs, even though the company said it had pulled out of the country months earlier. Before Cellebrite's departure, authorities in Myanmar used Cellebrite technology to comb the cellphones of two Reuters journalists. > Customers in countries where agreements have been terminated "no longer receive active product support or have their licenses renewed," Cellebrite said in its statement. "All resellers Cellebrite works with are subject to the same restrictions." > In a recent SEC filing, Cellebrite claimed that going forward it would "prioritize a human rights-based approach" and practice "strict adherence" to "all relevant Israeli, U.S., and EU regulations and controls." > "It's their responsibility at the end of the day," said Krapiva of Access Now. "They claim that they have an oversight system, that they only sell to legitimate clients, and that doesn't seem to be the case."