Jordan used Cellebrite phone-hacking tools against activists critical of Gaza war, report finds

Jordanian authorities used Cellebrite digital forensic software to extract data from phones belonging to at least seven Jordanian activists and human rights defenders between late 2023 and mid 2025, according to a new report.

The findings, published by Citizen Lab Thursday, are based on the research institute’s digital forensic analysis of seized phones in four cases and Jordanian court records in three cases. Three of the devices forensically analyzed by Citizen Lab are iPhones and one is an Android, according to the report.

All of the data extractions surfaced by Citizen Lab occurred while the activists were being interrogated or detained by authorities for speech critical of Israel’s campaign against Gaza, the report says.

Cellebrite, which is headquartered in Israel, develops software used by law enforcement worldwide to crack into locked phones. It has helped the FBI extract data belonging to suspects in notorious cases, including a device belonging to the man accused of trying to assassinate Donald Trump in 2024.

While the report details only seven cases, Citizen Lab says it is aware of dozens of other cases of Jordanian authorities using Cellebrite against members of civil society. The research institute has previously tested Jordanian activists’ phones and said it believes that authorities have been deploying Cellebrite since at least 2020.

Jordan has been cracking down on activists since at least 2015, when it enacted a cybercrime law criminalizing some online speech. A 2023 update to that law broadened the scope of illegal speech to include language that “defames, slanders, or shows contempt for any individual.”

Cellebrite can extract data including chats, files, photos, videos, location history, saved passwords, WiFi history, phone logs, email, web history, social media accounts, third-party applications’ data and even data that a phone’s owner has tried to delete.

The platform uses brute-force style attacks as well as more advanced exploit-based operations to get past device security and encryption. Even when it is not needed to crack a passcode, governments use Cellebrite to “facilitate data extraction and visualization,” the report says.

Jordan is not the only country to have been found abusing Cellebrite. In December 2024, Amnesty International published evidence showing that Serbian authorities used Cellebrite to secretly unlock phones belonging to a journalist and an activist and plant spyware on their devices while they were being held by law enforcement.

Citizen Lab cited additional reports of Cellebrite being abused to spy on members of civil society by governments in Russia, Nigeria, Botswana, Myanmar and Italy.  Cellebrite also has sold its software to autocrats in Belarus, Bangladesh, China, Hong Kong and Venezuela, the report says.

The research institute reached out to a Cellebrite spokesperson for comment and shared a statement from the company with journalists.

The spokesperson did not deny Citizen Lab’s findings in Jordan and said that “as a matter of policy, we do not comment on specifics.”

“The company vets potential customers against internal human rights parameters, leading us to

historically cease business in jurisdictions where risks were deemed incompatible with our corporate values,” the statement said. “We license technology solely for lawful purposes, requiring customers to explicitly certify they possess valid legal authority prior to usage.”

“We take seriously all allegations of potential misuse of our technology in ways that would run counter to both explicit and implied conditions outlined in our end-user agreement.”

Citizen Lab said it uncovered iOS and Android indicators of compromise tied to Cellebrite in all four phones it forensically analyzed.

The activists were forced to open their phones for authorities using Face ID or their passcodes. In one case, an activist picked up their phone after being detained and found their device’s passcode written on a piece of tape stuck to the back of their phone, the report says. That activist never provided authorities with their passcode.

The court records obtained by Citizen Lab are tied to prosecutions of activists accused of violating the country’s cybercrime law, the report says.

Each court record includes a “technical report prepared by Jordan’s Criminal Investigations Department that contains a summary of the forensic extraction conducted on the seized devices,” according to Citizen Lab.

Citizen Lab said it has asked Cellebrite to consider watermarking devices it targets with unique identifiers tied to specific customers in a bid to increase accountability and make abuse easier to detect.