What happened
New research from the University of Toronto’s Citizen Lab shows that Kenyan authorities used a commercial forensic extraction tool made by Israeli company Cellebrite to access the mobile phone of prominent pro-democracy activist Boniface Mwangi while it was in police custody in July 2025. Indicators suggest the device was accessed around July 20-21. When the phone was returned in September 2025, its password protection had been removed.
Who is affected
The immediate subject of the report is Kenyan activist Boniface Mwangi, who has announced plans to run for president in 2027. The findings echo a broader pattern of civil society targets, including activists in Jordan and other countries, where the use of similar forensic extraction tools has been documented.
Why CISOs should care
Commercial forensic and surveillance technologies like Cellebrite’s tools are increasingly used by governments and law enforcement to extract data from devices, often beyond traditional legal process frameworks. This trend highlights evolving vendor risk, data protection, and privacy implications for organizations and individuals, particularly where infrastructure or personnel intersect with geopolitical and civil society issues.
3 practical actions
- Review vendor policies: Ensure any digital forensics or investigative tool providers have clear, audited human-rights and lawful-use policies, and verify compliance clauses in contracts.
- Strengthen endpoint encryption: Enforce strong device security policies (biometric + PIN/passphrase) and remote lock/wipe capabilities to reduce the risk of unauthorized access.
- Enhance incident response planning: Incorporate scenarios involving lawful and unlawful device access into tabletop exercises to prepare for potential exploitation or misuse of forensic tools.
