Jordan Used Phone Hacking Tools Against Gaza War Critics—Here's How

When Jordanian authorities released one activist after interrogation, they had written his phone's passcode on tape stuck to the back of his device. He had never told them the code. They had already broken in.

According to a new report from Citizen Lab at the University of Toronto, Jordanian authorities used Cellebrite digital forensic software against at least seven activists and human rights defenders between late 2023 and mid 2025. Every documented case occurred while the targets were being interrogated or detained for speech critical of Israel's campaign against Gaza.

The researchers say they are aware of dozens of additional cases beyond those documented in the report.

What Cellebrite Can Extract

Cellebrite, headquartered in Israel, develops software that enables law enforcement to access locked phones. The company markets its tools for legitimate criminal investigations. But the technology does not care about intent.

Once connected to a device, Cellebrite can extract chats, files, photos, videos, location history, saved passwords, WiFi history, phone logs, email, web history, social media accounts, third party application data—and even data the phone's owner has tried to delete.

For a government targeting dissidents, this is comprehensive surveillance in a single tool. Every private conversation. Every contact. Every place you have been. Every thought you committed to text and later tried to erase.

A Pattern of Abuse

Jordan is not an isolated case. Citizen Lab's research documents Cellebrite abuse in Serbia, Russia, Nigeria, Botswana, Myanmar, and Italy. The common thread is not crime fighting—it is targeting journalists, activists, and political opponents.

Cellebrite's response to these reports follows a familiar pattern. The company says it "vets potential customers against internal human rights parameters" and "licenses technology solely for lawful purposes." Yet the abuses continue.

Human rights organizations have documented how Cellebrite technology enables "detentions, prosecutions, and harassment of journalists, civil rights activists, dissidents, and minorities around the world." The company's client list includes what researchers describe as "a host of oppressive regimes, some of whom are under sanctions."

The Gaza Connection

The timing in Jordan is significant. All documented extractions occurred while activists were detained specifically for criticizing the Gaza war. Their phones were not searched as part of criminal investigations into violence or threats. They were searched because the activists expressed political opinions.

This connects to a broader pattern. During the conflict, Israeli forces used Cellebrite tools to harvest data from thousands of Palestinians captured from Gaza. The company reportedly received Pentagon funding to develop products that help identify and map Hamas operatives.

The same technology serves both military intelligence and authoritarian domestic surveillance. The line between legitimate security and political repression depends entirely on who holds the phone.

Why Your Phone Is Vulnerable

Modern smartphones contain more personal information than any diary, filing cabinet, or photo album in history. We trust them with our most private thoughts, our locations, our relationships, our political views. We assume that passcode protects everything.

Companies like Cellebrite exploit security vulnerabilities to bypass that protection. Sometimes they buy exploits from researchers. Sometimes they develop them internally. The result is the same: your phone's security is not absolute.

For most people in stable democracies, this is a theoretical concern. For journalists, activists, and anyone who might attract government attention, it is a daily operational risk.

Protecting Yourself

If you operate in a high risk environment, assume your phone can be compromised during detention. Use encrypted messaging apps that offer disappearing messages. Do not store sensitive contacts under real names. Consider what would happen if every file on your device were read by hostile authorities.

Keep your device updated—many Cellebrite exploits target older software versions. Use a strong alphanumeric passcode rather than a simple PIN. Enable full disk encryption. Be aware that deleted data can often be recovered.

Most importantly, understand that technical measures have limits. If authorities physically control your device for extended periods, they have significant advantages. Operational security means minimizing what sensitive data ever reaches your phone in the first place.

The Accountability Gap

Cellebrite sells to governments worldwide while claiming no responsibility for how those governments use its tools. This is the fundamental problem with commercial surveillance technology. The company profits from sales to repressive regimes, then issues statements about licensing "solely for lawful purposes."

But lawful according to whom? Authoritarian governments write laws that criminalize dissent. Under their legal frameworks, targeting activists is perfectly lawful. Cellebrite's human rights vetting clearly fails to prevent documented abuses.

Until surveillance companies face real consequences for enabling repression—not just bad press but actual penalties—this pattern will continue. The business model depends on it.