Citizen Lab found high-confidence indicators that Kenyan authorities used Cellebrite forensic extraction tools on pro-democracy activist Boniface Mwangi’s Samsung phone while it was in police custody in July 2025. Separate investigations also confirmed Intellexa’s Predator spyware infected Angolan journalist Teixeira Cândido’s iPhone in May 2024, highlighting a broader pattern of commercial surveillance tools being abused against civil society. #Cellebrite #Predator
Keypoints
- Citizen Lab found high-confidence evidence that Kenyan authorities used Cellebrite tools to extract data from Boniface Mwangi’s Samsung phone in July 2025.
- The phone was returned unlocked and could have had a full extraction of messages, files, passwords, and other sensitive data.
- Citizen Lab also linked similar Cellebrite use by Jordanian authorities against activists between late 2023 and mid-2025.
- Amnesty confirmed Intellexa’s Predator spyware infected Angolan journalist Teixeira Cândido’s iPhone via a WhatsApp infection link in May 2024.
- Technical analyses show Predator includes anti-analysis and anti-forensics features and is used alongside other commercial tools in targeted government surveillance.
Read More: https://thehackernews.com/2026/02/citizen-lab-finds-cellebrite-tool-used.html