Graphite by Paragon: how Israeli Spyware “Cracks” Signal and Telegram Without Touching Encryption

In a world where digital communication privacy seems like the last bastion of freedom, Israeli company Paragon Solutions has created a tool that turns this fortress into paper. Their product, Graphite, is not just spyware—it’s a true weapon of mass surveillance, capable of extracting messages from “unbreakable” messengers like Signal, Telegram, and WhatsApp. And all of this happens without directly breaching the end-to-end encryption that these apps’ developers so proudly tout.

Founded in 2019 by veterans of Israel’s elite Unit 8200 intelligence division—including former Prime Minister Ehud Barak as a co-founder and investor—Paragon positions itself as an “ethical” alternative to the scandal-plagued NSO Group and its Pegasus software. The company claims it sells Graphite exclusively to “democratic” governments and maintains strict controls to prevent abuse. But reality, as always, is harsher than marketing: reports from Citizen Lab, Amnesty International, TechCrunch, and Forbes paint a picture of systematic human rights violations—from surveilling journalists to targeting activists.

How Graphite Works: Not Breaking Encryption, But Compromising the Device

Graphite does not break the end-to-end encryption of Signal or Telegram. It simply… bypasses it. The primary mechanism involves compromising the victim’s endpoint device:

• Zero-click exploits: Infection occurs without any user interaction—for instance, through vulnerabilities in iMessage (as seen with CVE-2025-43200, patched by Apple in iOS 18.3.1) or WhatsApp.
• Once infected, Graphite gains access to decrypted data directly on the phone: it reads messages within apps, extracts contacts, media files, and even data from cloud backups.
• Alternative methods (according to some reports): Extracting data from messenger servers by impersonating the victim’s device or exploiting cloud copies.

This makes Graphite particularly insidious: encryption remains intact during transmission, but on the device, messages are already decrypted for the user—and for the spy as well. Citizen Lab has confirmed: Graphite “enables access to messengers on the device, rather than full phone control.” But that’s enough to turn Signal into an open book.

Scandals and Abuses: From Italy to the United States

Paragon promises “ethics,” but the facts tell a different story:

• The Italian Scandal (2025): WhatsApp detected Graphite attacks on around 90 users, including journalists (Francesco Cancellato of Fanpage.it, Ciro Pellegrino) and activists (Luca Casarini and Giuseppe Caccia of Mediterranea Saving Humans). Citizen Lab confirmed infections on iPhones via zero-click exploits. Italy used Graphite against critics of the Meloni government’s migration policies. Paragon terminated the contract, but too late—a parliamentary investigation confirmed the abuses.
• Europe in Crisis: Amnesty International describes this as a “growing spyware crisis in Europe.” Journalists and human rights defenders in several countries have fallen victim.
• United States: Under Biden, contracts were restricted, but Trump reinstated a $2 million deal with ICE (Immigration and Customs Enforcement) in 2025. Following Paragon’s acquisition by U.S. fund AE Industrial Partners (for $500–900 million in 2024–2025), Graphite became part of the arsenal for DEA and ICE. Critics (EFF, Citizen Lab) warn: this circumvents bans on spyware.

Clients? According to Citizen Lab—governments of the U.S., Israel, Australia, Canada, Cyprus, Denmark, Singapore, and other “democracies.” But “democracy” doesn’t prevent surveillance of opposition figures.

Why This Is Dangerous for Everyone

Graphite is a symptom of a broader problem: commercial spyware has become accessible even to “good” governments. It doesn’t require breaching Signal’s servers (which are indeed secure); it simply infects your phone. And abuses are inevitable—from Italy, where journalists were targeted, to potential use in the U.S. against protesters or immigrants.

Paragon boasts “moral restrictions”—selling only to “democracies” and terminating contracts upon violations. But this is self-deception: once the tool is in government hands, control is lost. NSO Group promised the same—and ended up on blacklists.

Conclusion: Privacy Under Fire

Graphite proves that true privacy in messengers is an illusion if the device is compromised. Signal and Telegram remain the best for encryption, but against state-sponsored hackers with billion-dollar budgets, additional measures are needed: update software immediately, enable Lockdown Mode on iOS, avoid suspicious links/groups, and consider physical devices for critical conversations.

Paragon and its ilk are not “defending democracy”—they are tools of authoritarianism wrapped in democratic packaging. As long as governments buy such software, our privacy remains hostage. It’s time to demand a global ban on commercial spyware, whether Pegasus or Graphite. Because the next victim could be you.