Cellebrite spyware ended up on kid's Android

03 March 2025


Serbian authorities taking no chances

Amnesty International has uncovered that a zero-day exploit, sold by the controversial Israeli firm Cellebrite, was used to compromise the Android phone of a Serbian student who does not like the government much.

The exploit chain targeted vulnerabilities in the Linux kernel's USB drivers, enabling attackers with physical access to bypass the device's lock screen and gain privileged access. Because the flaws sit in core Linux kernel components, the method affected a wide range of devices.

Amnesty International first identified traces of this exploit in mid-2024 during an investigation unrelated to Serbia. Upon analysing the compromised phone of the 23-year-old student, who regularly participates in Belgrade's ongoing protests, forensic evidence indicated attempts to install an unknown application after the device was unlocked. This aligns with previous cases where NoviSpy spyware was deployed on devices compromised using Cellebrite tools.

The exploitation chain used multiple vulnerabilities, including CVE-2024-53104, which was patched in the February 2025 Android Security Bulletin. Two additional vulnerabilities, CVE-2024-53197 and CVE-2024-50302, have been addressed in the upstream Linux kernel but are yet to be incorporated into Android. 

In response to these findings, Cellebrite announced it would stop certain customers in Serbia from using its digital forensic equipment.

Donncha Ó Cearbhaill, Head of the Security Lab at Amnesty International, commented on this development, stating, "This new case provides further evidence that the authorities in Serbia have continued their campaign of surveillance of civil society in the aftermath of our report, despite widespread calls for reform, from inside Serbia and beyond, as well as an investigation into the misuse of its product, announced by Cellebrite." 

Amnesty International's December 2024 report had previously documented the Serbian authorities' use of advanced spyware and mobile forensic tools to unlawfully target journalists, environmental activists, and other critics of government policies. The organisation continues to call for comprehensive investigations into the misuse of such technologies and urges manufacturers like Cellebrite to implement stricter controls to prevent human rights abuses. 

Android users are advised to install the February 2025 security updates promptly to mitigate potential risks associated with these vulnerabilities.

Last modified on 03 March 2025