Tag: Cellebrite

Cellebrite cut off Serbia citing abuse of its phone unlocking tools. Why not others? | TechCrunch

[ad_1]

Last year, the phone hacking tool maker Cellebrite announced it had suspended Serbian police as customers, after human rights researchers alleged local police and intelligence agencies used its tools to hack into the phones of a journalist and an activist, and plant spyware.

This was a rare example of Cellebrite publicly cutting off a customer following documented allegations of abuse, citing Amnesty International’s technical report for its decision.

But following recent similar accusations of abuse in Jordan and Kenya, the Israeli-headquartered company responded by dismissing the allegations and declining to commit to investigating them. It’s unclear why Cellebrite has changed its approach, which appears contrary to its previous actions.

On Tuesday, researchers at The University of Toronto’s Citizen Lab published a report alleging the Kenyan government used Cellebrite’s tools to unlock the phone of Boniface Mwangi, a local activist and politician, while he was in police custody. In another report from January, the Citizen Lab accused the Jordanian government of breaking into the phones of several local activists and protesters using Cellebrite’s tools.

In both investigations, the Citizen Lab, an organization that has investigated abuses of spyware and hacking technologies around the world, based their conclusions on finding traces of a specific application linked to Cellebrite on the victims’ phones.

The researchers said that those traces are a “high confidence” signal that someone used Cellebrite’s unlocking tools on the phones in question, because the same application had been previously found on VirusTotal, a malware repository, and was signed with digital certificates owned by Cellebrite.

Other researchers have also linked the same application to Cellebrite.

“We do not respond to speculation and encourage any organization with specific, evidence-based concerns to share them with us directly so we can act on them,” Victor Cooper, a spokesperson for Cellebrite, told TechCrunch in an email.

When asked why Cellebrite is acting differently from the Serbia case, Cooper said “the two situations are incomparable,” and that, “high confidence is not direct evidence.”

Cooper did not respond to multiple follow-up emails asking if Cellebrite would investigate the Citizen Lab’s latest report, and what, if any, differences there are with its case in Serbia.

Contact Us

Do you have more information about Cellebrite, or other similar companies? From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram, Keybase and Wire @lorenzofb, or by email .

In both its Kenya and Jordan investigations, the Citizen Lab reached out to Cellebrite in advance of publishing the reports to provide the company with a right to respond.

In response to the Jordan report, Cellebrite said that “any substantiated use of our tools in violation of human rights or local law will result in immediate disablement,” but did not commit to investigating the case and declined to disclose specific information about customers.

For the Kenya report, however, Cellebrite acknowledged receipt of Citizen Lab’s inquiry but did not comment, according to John Scott-Railton, one of the Citizen Lab researchers who worked on the Cellebrite investigations.

“We urge Cellebrite to release the specific criteria they used to approve sales to Kenyan authorities, and disclose how many licenses have been revoked in the past,” Scott-Railton told TechCrunch. “If Cellebrite is serious about their rigorous vetting, they should have no problem making it public.”

Following previous reports of abuse, Cellebrite, which claims to have more than 7,000 law enforcement customers around the world, cut off relationships with Bangladesh and Myanmar, as well as Russia and Belarus during 2021. Cellebrite previously said it stopped selling to Hong Kong and China following U.S. government regulations restricting the export of sensitive technologies to the country. Local activists in Hong Kong had accused the authorities of using Cellebrite to unlock protesters’ phones.

[ad_2]

Lorenzo Franceschi-Bicchierai

Source link

February 19, 2026
Apple’s latest iPhone security feature just made life more difficult for spyware makers | TechCrunch

[ad_1]

Buried in an ocean of flashy novelties announced by Apple this week, the tech giant also revealed new security technology for its latest iPhone 17 and iPhone Air devices. This new security technology was made specifically to fight against surveillance vendors and the types of vulnerabilities they rely on the most, according to Apple.

The feature is called Memory Integrity Enforcement (MIE) and is designed to help stop memory corruption bugs, which are some of the most common vulnerabilities exploited by spyware developers and makers of phone forensic devices used by law enforcement.

“Known mercenary spyware chains used against iOS share a common denominator with those targeting Windows and Android: they exploit memory safety vulnerabilities, which are interchangeable, powerful, and exist throughout the industry,” Apple wrote in its blog post.

Cybersecurity experts, including people who make hacking tools and exploits for iPhones, tell TechCrunch that this new security technology could make Apple’s newest iPhones some of the most secure devices on the planet. The result is likely to make life harder for the companies that make spyware and zero-day exploits for planting spyware on a target’s phone or extracting data from them.

“The iPhone 17 is probably now the most secure computing environment on the planet that is still connected to the internet,” a security researcher, who has worked on developing and selling zero-days and other cyber capabilities to the U.S. government for years, told TechCrunch.

The researcher told TechCrunch that MIE will raise the cost and time to develop their exploits for the latest iPhones, and consequently up their prices for paying customers.

“This is a huge deal,” said the researcher, who asked to remain anonymous to discuss sensitive matters. “It’s not hack proof. But it’s the closest thing we have to hack proof. None of this will ever be 100% perfect. But it raises the stakes the most.”

Contact Us

Do you develop spyware or zero-day exploits and are studying studying the potential effects of Apple’s MIE? We would love to learn how this affects you. From a non-work device, you can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, or via Telegram and Keybase @lorenzofb, or email . You also can contact TechCrunch via SecureDrop.

Jiska Classen, a professor and researcher who studies iOS at the Hasso Plattner Institute in Germany, agreed that MIE will raise the cost of developing surveillance technologies.

Classen said this is because some of the bugs and exploits that spyware companies and researchers have that currently work will stop working once the new iPhones are out and MIE is implemented.

“I could also imagine that for a certain time window some mercenary spyware vendors don’t have working exploits for the iPhone 17,” said Classen.

“This will make their life arguably infinitely more difficult,” said Patrick Wardle, a researcher who runs a startup that makes cybersecurity products specifically for Apple devices. “Of course that is said with the caveat that it’s always a cat-and-mouse game.”

Wardle said people who are worried about getting hacked with spyware should upgrade to the new iPhones.

The experts TechCrunch spoke to said MIE will reduce the efficacy of both remote hacks, such as those launched with spyware like NSO Group’s Pegasus and Paragon’s Graphite. It will also help to protect against physical device hacks, such as those performed with phone unlocking hardware like Cellebrite or Graykey.

Taking on the “majority of exploits”

Most modern devices, including the majority of iPhones today, run software written in programming languages that are prone to memory-related bugs, often called memory overflow or corruption bugs. When triggered, a memory bug can cause the contents of memory from one app to spill into other areas of a user’s device where it shouldn’t go.

Memory-related bugs can allow malicious hackers to access and control parts of a device’s memory that they shouldn’t be permitted to. The access can be used to plant malicious code that’s capable of gaining broader access to a person’s data stored in the phone’s memory, and exfiltrating it over the phone’s internet connection.

MIE aims to defend against these kinds of broad memory attacks by vastly reducing the attack surface in which memory vulnerabilities can be exploited.

According to Halvar Flake, an expert in offensive cybersecurity, memory corruptions “are the vast majority of exploits.”

MIE is built on a technology called Memory Tagging Extension (MTE), originally developed by chipmaker Arm. In its blog post, Apple said over the past five years it worked with Arm to expand and improve the memory safety features into a product called Enhanced Memory Tagging Extension (EMTE).

MIE is Apple’s implementation of this new security technology, which takes advantage of Apple having complete control of its technology stack, from software to hardware, unlike many of its phone-making competitors.

Google offers MTE for some Android devices; the security-focused GrapheneOS, a custom version of Android, also offers MTE.

But other experts say Apple’s MIE goes a step further. Flake said the Pixel 8 and GrapheneOS are “almost comparable,” but the new iPhones will be “the most secure mainstream” devices.

MIE works by allocating each piece of a newer iPhone’s memory with a secret tag, effectively its own unique password. This means only apps with that secret tag can access the physical memory in the future. If the secret doesn’t match, the security protections kick in and block the request, the app will crash, and the event is logged.

That crash and log is particularly significant since it’s more likely for spyware and zero-days to trigger a crash, making it easier for Apple and security researchers investigating attacks to spot them.

“A wrong step would lead to a crash and a potentially recoverable artifact for a defender,” said Matthias Frielingsdorf, the vice president of research at iVerify, a company that makes an app to protect smartphones from spyware. “Attackers already had an incentive to avoid memory corruption.”

Apple did not respond to a request for comment.

MIE will be on by default system wide, which means it will protect apps like Safari and iMessage, which can be entry points for spyware. But third-party apps will have to implement MIE on their own to improve protections for their users. Apple released a version of EMTE for developers to do that.

In other words, MIE is a huge step in the right direction, but it will take some time to see its impact, depending on how many developers implement it and how many people buy new iPhones.

Some attackers will inevitably still find a way.

“MIE is a good thing and it might even be a big deal. It could significantly raise the cost for attackers and even force some of them out of the market,” said Frielingsdorf. “But there are going to be plenty of bad actors that can still find success and sustain their business.”

“As long as there are buyers there will be sellers,” said Frielingsdorf.

[ad_2]

Lorenzo Franceschi-Bicchierai, Zack Whittaker

Source link

September 11, 2025
Is Cellebrite (CLBT) Poised to Re-Accelerate in 2026?

[ad_1]

Voss Capital, LLC, an investment management company, released its second-quarter 2025 investor letter. A copy of the letter can be downloaded here. Voss Capital’s funds, Voss Value Fund, LP, and the Voss Value Offshore Fund, Ltd returned +1.0% and +0.6% to investors net of fees and expenses respectively, in the second quarter compared to a +8.5% return for the Russell 2000 Index, +5.0% return for the Russell 2000 Value Index, and +10.9% return for the S&P 500 Index. The Voss Value Master Fund’s total gross exposure stood at 165.6% and the net long exposure was 68.9% as of June 30, 2025. The weight of the fund’s top 10 longs was 66.9% and the top 10 shorts were -40.8%. In addition, you can check the fund’s top 5 holdings to determine its best picks for 2025.

In its second-quarter 2025 investor letter, Voss Capital highlighted stocks such as Cellebrite DI Ltd. (NASDAQ:CLBT). Headquartered in Petah Tikva, Israel, Cellebrite DI Ltd. (NASDAQ:CLBT) is a software company that develops solutions for legally sanctioned investigations. The one-month return of Cellebrite DI Ltd. (NASDAQ:CLBT) was 17.81%, and its shares lost 2.89% of their value over the last 52 weeks. On August 27, 2025, Cellebrite DI Ltd. (NASDAQ:CLBT) stock closed at $16.47 per share, with a market capitalization of $4.026 billion

Voss Capital stated the following regarding Cellebrite DI Ltd. (NASDAQ:CLBT) in its second quarter 2025 investor letter:

“Cellebrite DI Ltd. (NASDAQ:CLBT), the leading provider of digital forensics software used by law enforcement and government agencies worldwide, reported results that were about as constructive as we could have hoped for given the stock’s 50% drop from earlier in the year. Management cut revenue guidance by just 1% and raised EBITDA guide by 2%, while ARR was trimmed by ~4% (or $20M) due primarily to federal budget timing issues. While the ARR reset is concerning on the surface, we believe it is largely a prudent derisking exercise under the company’s new CFO, with cuts significant enough to reset expectations lower but not so large as to suggest systemic weakness. This leaves the stock positioned for potential beats in the back half of the year as federal contracts normalize. Importantly, gross margins remain exceptionally strong relative to software peers (subscription margins above 90%), billings growth has reaccelerated to 25% and now exceeds revenue and ARR growth, and free cash flow continues to outpace EBITDA by more than 30% thanks to low capex, favorable working capital dynamics, and R&D tax credits— underscoring CLBT’s pristine quality of earnings.

Bloom Energy (BE) Rides AI Data Center Boom but Faces Cash Burn Risks

Cellebrite DI Ltd. (NASDAQ:CLBT) is not on our list of 30 Most Popular Stocks Among Hedge Funds. As per our database, 38 hedge fund portfolios held Cellebrite DI Ltd. (NASDAQ:CLBT) at the end of the first quarter, which was 30 in the previous quarter. Cellebrite DI Ltd. (NASDAQ:CLBT) reported revenue of $113.3 million in Q2 2025, up 18% from Q2 2024, driven by subscription revenue growth of 21%. While we acknowledge the potential of Cellebrite DI Ltd. (NASDAQ:CLBT) as an investment, we believe certain AI stocks offer greater upside potential and carry less downside risk. If you’re looking for an extremely undervalued AI stock that also stands to benefit significantly from Trump-era tariffs and the onshoring trend, see our free report on the best short-term AI stock.

In another article, we covered Cellebrite DI Ltd. (NASDAQ:CLBT) and shared the list of best stocks under $20 to buy for the long term. In addition, please check out our hedge fund investor letters Q2 2025 page for more investor letters from hedge funds and other leading investors.

READ NEXT: The Best and Worst Dow Stocks for the Next 12 Months and 10 Unstoppable Stocks That Could Double Your Money.

Disclosure: None. This article is originally published at Insider Monkey.

[ad_2]

Source link

August 28, 2025