Toka

Toka is an Israeli surveillance vendor founded in 2018 by Ehud Barak, former Israeli prime minister, and Yaron Rosen, former chief of the Israeli Defence Force cyber staff. The company markets a platform for what it calls IoT and connected device intelligence, positioned for law enforcement and military intelligence customers. Public reporting by Haaretz and Forbidden Stories has documented sales to multiple national governments. The company’s product capability set is positioned in the cleavage between traditional mercenary spyware and the broader connected-device exploitation market.

What it means in practice

Toka’s platform targets internet-connected devices beyond phones and laptops: cars with cellular modems, smart home cameras, fitness trackers, smart TVs, and other consumer IoT. The marketing pitch is that these devices typically have weaker security than phones and that their data, when accessed, provides operational intelligence (location, audio, video) that complements phone-based mercenary spyware. Specific exploitation methods are not publicly documented in the level of detail available for NSO Pegasus or Intellexa Predator.

Specific things to know

Toka’s reported customer list includes Israel itself, several European countries, and at least one African government. The Ehud Barak connection has made the company politically sensitive: critics argue that the involvement of a former prime minister legitimises the broader Israeli mercenary surveillance market. The company’s product capability is also notable because it is positioned ahead of where most defensive security guidance currently operates. Most consumers do not consider their connected refrigerator a threat surface.

Change today

For high-risk individuals, the operational answer is to map connected devices in the household and consider which ones could provide operational intelligence to an adversary. The connected car with continuous location and microphone access is a candidate. The smart home camera with cloud upload is a candidate. The fitness tracker with daily movement export is a candidate. The mitigation is selective: not every household needs to treat its toaster as a threat, but a properly mapped threat model includes more than just the phone.

Related articles

See our coverage of IoT threat modelling for high-risk individuals, connected car telematics in family court discovery, and the Israeli surveillance industry’s diversification into adjacent capability sets.