Cellebrite: The Israeli Phone-Hacking Company Used Against Dissidents Worldwide

Key points

  • Cellebrite sells phone extraction and analysis tools to police and government clients worldwide.
  • It calls them forensics. In practice they exploit devices after seizure.
  • If you cross borders, attend protests, or face political targeting, treat your phone as a liability.

  • Founded: 1999 (source: cellebrite.com)
  • Core product line: UFED (source: cellebrite.com)
  • Recent abuse reporting: Serbia (source: amnesty.org)
  • Primary access model: Seized devices (source: eff.org)

Cellebrite calls itself a forensics vendor. That misses the point. Its main products are used after the state gets your phone in hand and starts pulling your life out of it.

The name most people know is UFED, short for Universal Forensic Extraction Device. Cellebrite also sells Physical Analyzer and extraction services. The real risk starts when those tools spread through police, customs, border agencies, and intelligence-linked institutions.

1. Cellebrite needs capture, not consent. Unlike Pegasus-style spyware, Cellebrite usually needs the device in hand. That still matters. Many people assume a locked phone stays mostly safe after seizure. Modern phone forensics is built to break that assumption.
2. The company has been tied to repression cases. Amnesty International reported in 2024 that Serbian authorities used Cellebrite tools to unlock devices belonging to activists and journalists, then paired that access with Android spyware called NoviSpy.
3. Extraction reaches beyond visible chats. A successful pull can expose app databases, deleted media traces, Wi-Fi history, browser artifacts, contacts, and location clues. End-to-end encryption does not help much once the endpoint is unlocked.
4. The real danger is concentration. Many people keep activism, money, identity, passwords, and recovery channels on one phone. A forensic dump can show what you said, who you know, and which accounts can be reset.
5. Defense starts before seizure. Use strong passcodes, cut back on biometrics, keep sensitive archives off phones, and power devices down before crossings.

The Public Record Is Clear

Cellebrite has openly marketed extraction tools for years. Its product material says it supports iPhones, Android devices, app artifacts, and cloud-linked evidence flows. In 2021, Signal's Moxie Marlinspike publicly discussed weaknesses in Cellebrite's software stack. These tools are powerful. They are not magic.

Operational takeaway

  • Best practice: Use a separate travel phone with minimal accounts and no historical archives.
  • Passcode rule: Prefer 10+ character alphanumeric codes over short PINs.
  • Checkpoint habit: Power devices down before border or detention exposure.
  • Compartment rule: Do not keep activism, personal identity, and financial access on one handset.

Reduce the Blast Radius

Do not build your whole life around one device. If your work is sensitive, split it up: a personal phone, a travel phone, and a higher-risk device. Also know the limit of app-level privacy promises. Signal, GrapheneOS hardening, and Lockdown Mode help, but none makes a captured, unlocked endpoint safe.

Frequently Asked Questions

What is Cellebrite?

Cellebrite is an Israeli digital intelligence company known for phone extraction and forensic tools such as UFED and Physical Analyzer, used by police and government clients.

Why do privacy-focused users care about Cellebrite?

Because its tools pull data from seized phones and turn messages, app data, photos, contacts, and location artifacts into searchable intelligence.

Has Cellebrite technology been linked to abuse?

Yes. Amnesty International and others have reported Cellebrite tools used by authorities accused of targeting activists and journalists, including in Serbia.

Can a strong passcode still help?

Yes. Long alphanumeric passcodes, less use of biometrics, compartmented devices, and powering down before risky crossings all raise the cost of extraction.