Toka
Toka Cyber · Israel
Confidence 3/5
Technical capabilities
Toka publicly positions itself as a provider of “lawful cyber capabilities” to government and law-enforcement customers. The product focus is documented in Forbes reporting and in subsequent industry analysis: targeted exploitation of Internet-of-Things devices including connected vehicles, smart cameras, security systems, smart home equipment and broader networked infrastructure.
The differentiation versus mobile-phone-focused mercenary spyware vendors (NSO, Intellexa, Cytrox) is the IoT and embedded-device target surface. Toka marketing materials and Forbes reporting indicate capabilities for camera-feed access, microphone activation in IoT devices, location data extraction from connected vehicles, and persistent footholds in networked appliances.
Documented use
- Israeli law enforcement and intelligence: confirmed customer per Haaretz reporting. Israeli Privacy Protection Authority opened scrutiny in 2022 to 2023 over alleged warrantless use against Israeli citizens.
- Western government customers: per Forbes Thomas Brewster reporting (2021, 2022), Toka has marketed to and sold capabilities to undisclosed Western government customers including reported European intelligence and defense agencies.
- Sales process: per Toka public statements, sales are restricted to “vetted democratic governments” with internal ethics review. Independent verification of this process is limited.
Customer states
Toka does not publicly disclose its customer list. Confirmed via Israeli press: Israeli police and IDF. Forbes reporting indicates additional Western European government customers. The company stated in 2022 that it does not sell to non-democratic states, although this claim is not independently verifiable.
Toka’s founder lineage (Ehud Barak as former Israeli prime minister, Yaron Rosen as former IDF Cyber Command head) signals a profile of state-aligned commercial cyber operations, similar in lineage profile to NSO Group (ex-Unit 8200), QuaDream and other Israeli mercenary cyber vendors.
Legal and sanctions status
- Not on the US Department of Commerce Entity List.
- Not designated by US OFAC.
- Subject to Israeli Defense Export Controls Agency (DECA) licensing.
- Subject to Israeli Privacy Protection Authority scrutiny regarding domestic law-enforcement use (2022 to 2023).
Technical countermeasures
- Audit IoT exposure: enumerate smart-home devices on your network. Each is a potential foothold. Disable internet-facing access where the function does not require it.
- Connected-vehicle awareness: modern vehicles maintain persistent cellular connections and location histories. For high-risk threat models, factory infotainment systems can be a collection surface.
- Network segmentation: place IoT devices on a separate VLAN or guest network from primary computing.
- Firmware updates: many Toka-class capabilities target unpatched vulnerabilities in commodity IoT firmware. Maintain firmware updates and replace end-of-life devices.
- Camera and microphone discipline: cover or physically disable cameras when not in use. Disconnect networked microphones in sensitive contexts.
- Vendor selection: prefer IoT vendors with documented security-update commitments and bug-bounty programs.
Sources
- Forbes, Inside the Israeli spy firm hacking into iPhones, Androids and smart cars (Thomas Brewster, December 2021)
- Haaretz, Israeli police use of Toka capabilities (2022 to 2023)
- Israeli Privacy Protection Authority, Police surveillance scrutiny
- Toka Cyber Labs, Corporate website
- Crunchbase, Toka funding history
- Privacy International, Surveillance Industry Index
Update log
May 9, 2026: Entry created. Sourced from Forbes Thomas Brewster investigations, Haaretz coverage of Israeli police usage, Israeli Privacy Protection Authority communications, and Toka corporate disclosures.
There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.
