Ontario Police Use Secretive Spyware, Risk Dropping Major Cases

Severity: High (Score: 67.2)

Sources: Ground.News, citizenlab.ca, www.thestar.com, Iphoneincanada.Ca

Published: 2026-05-19 · Updated: 2026-05-20

Keywords: police, ontario, rather, drop, cases, reveal, their

Severity indicators: rat

Summary

Ontario Provincial Police are employing advanced phone-hacking spyware known as on-device investigative tools (ODITs) to access suspects' smartphones. This technology allows police to download data, read encrypted messages, and activate microphones and cameras remotely. To maintain secrecy about the spyware's vendor and capabilities, police have signed agreements to abandon serious criminal cases if required to disclose information. The use of ODITs has raised significant concerns among civil liberties groups, who argue that such secrecy undermines judicial oversight. The software's first notable use was in an auto-theft investigation that resulted in 23 arrests and $9 million in recovered vehicles. Defense lawyers are challenging the constitutionality of the warrants used for these operations, citing a lack of transparency. The RCMP has stated that ODITs are rarely used, but experts highlight the high costs associated with targeting individual devices. The situation continues to evolve as legal challenges and public scrutiny mount.

Key Points:

  • Ontario police use powerful spyware to access suspects' smartphones without consent.
  • Agreements allow police to drop cases rather than disclose spyware vendor information.
  • Civil liberties groups criticize the lack of transparency and potential constitutional violations.

Detailed Analysis

**Impact**

Ontario Provincial Police (OPP) and other police services across Ontario are using advanced spyware tools to access suspects’ smartphones. This affects criminal investigations within Ontario, including major cases such as an auto-theft probe resulting in 23 arrests and $9 million in recovered vehicles. The secrecy surrounding the spyware vendor and capabilities risks the collapse of prosecutions, impacting law enforcement operations and judicial outcomes. Data at risk includes photos, encrypted messages, keystrokes, and real-time audio/video captured covertly from targeted devices.

**Technical Details**

The spyware, referred to as “on-device investigative tools” (ODITs), enables remote access to smartphones, including downloading data, reading encrypted communications, recording keystrokes, and activating microphones and cameras without user knowledge. The tools are reportedly operated via the Joint Technical Assistance Centre (JTAC) and may involve the Israeli company Paragon Solutions’ product called Graphite. No specific CVEs or IOCs are disclosed in the articles. The attack vector is direct device compromise through covert spyware deployment, primarily during criminal investigations.

**Recommended Response**

Defenders should monitor for unusual device behavior such as unauthorized microphone or camera activation and unexpected data exfiltration. Organizations should enforce strict mobile device security policies, including endpoint detection and response (EDR) solutions capable of identifying spyware activity. Law enforcement and judicial entities should ensure transparency and legal oversight of surveillance tools. No specific patches or IOCs are provided in the available information.

Source articles (4)

  • Ontario Police Would Rather Drop Cases Than Reveal Their Phone — Iphoneincanada.Ca · 2026-05-19
    Ontario Provincial Police are using powerful phone-hacking spyware to get inside suspects’ devices, and they are so determined to keep the tech secret that they are willing to let major criminal cases…
  • A First Look At Paragon’s Proliferating Spyware Operations — citizenlab.ca · 2026-05-19
    Paragon Solutions Ltd. was established in Israel in 2019. The founders of Paragon include Ehud Barak, the former Israeli Prime Minister, and Ehud Schneorson, the former commander of Israel’s Unit 8200…
  • Ontario police are using spyware that lets them remotely take over your smartphone. They’re fighting to keep almost everything about it secret — www.thestar.com · 2026-05-19
  • Ontario police are using spyware that lets them remotely take over your smartphone — Ground.News · 2026-05-19
    The police use of ODITs is so secret that police forces have signed agreements to drop serious criminal investigations rather than reveal the name of their vendor.

Timeline

  • 2025-01-01 — First use of ODITs reported: Ontario police utilized ODITs in an auto-theft investigation, leading to 23 arrests and $9 million in recovered vehicles.
  • 2026-05-19 — Court challenges to ODIT warrants: Defense lawyers argue that police withheld key information from the judge regarding the use of ODITs.
  • 2026-05-19 — Civil liberties groups respond: The Canadian Civil Liberties Association criticizes the secrecy surrounding ODITs, calling them inappropriate for police use.

Related entities

  • Malware (Attack Type)
  • Canada (Country)
  • Israel (Country)
  • Italy (Country)
  • forti.external-staging-02.com (Domain)
  • interceptions.in (Domain)
  • libya.mr (Domain)
  • Government (Industry)
  • 178.237.39.204 (Ipv4)
  • 84.110.122.27 (Ipv4)
  • 84.110.47.82 (Ipv4)
  • 84.110.47.86 (Ipv4)
  • Graphite (Malware)
  • Pegasus (Malware)
  • T1056.001 - Keylogging (Mitre Attack)
  • T1071 - Application Layer Protocol (Mitre Attack)
  • T1123 - Audio Capture (Mitre Attack)
  • T1125 - Video Capture (Mitre Attack)