Skip to Content
logologo
AI Incident Database
Open TwitterOpen RSS FeedOpen FacebookOpen LinkedInOpen GitHub
Open Menu
Discover
Submit
  • Welcome to the AIID
  • Discover Incidents
  • Spatial View
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Submit Incident Reports
  • Submission Leaderboard
  • Blog
  • AI News Digest
  • Risk Checklists
  • Random Incident
  • Sign Up
Collapse
Discover
Submit
  • Welcome to the AIID
  • Discover Incidents
  • Spatial View
  • Table View
  • List view
  • Entities
  • Taxonomies
  • Submit Incident Reports
  • Submission Leaderboard
  • Blog
  • AI News Digest
  • Risk Checklists
  • Random Incident
  • Sign Up
Collapse

Incident 961: Serbian Authorities Allegedly Used AI-Powered Cellebrite Tools to Unlock Journalist’s Phone and Install Spyware

Description: Serbian authorities allegedly used Cellebrite’s AI-powered forensic tools to unlock journalists’ and activists’ phones without consent. They reportedly then installed NoviSpy, a newly discovered spyware. That then purportedly allowed covert data extraction, remote microphone and camera activation, and surveillance. Amnesty International uncovered forensic evidence linking Serbia’s Security Information Agency (BIA) to these attacks. Cellebrite halted sales to Serbia after the report.
Editor Notes: Amnesty International's report can be accessed at the following URL: https://www.amnesty.org/en/documents/eur70/8813/2024/en/. The BIA's brief response to the report can be read here: https://www.bia.gov.rs/mediji/saopstenja-za-javnost/saopstenje-bia-16-12-2024-godine/. In terms of the timeline of events, it is reported Serbian authorities were using Cellebrite between 2021 and 2024. In February 2024, they reportedly targeted the journalist Slaviša Milanov; between July and November 2024 there were reportedly at least nine activists who were detained or questioned and had their phones and computers seized, with allegations that the Serbian security services used the Cellebrite UFED forensic tools to extract data from the devices and, reportedly in some cases, they had installed NoviSpy. Between July and August 2024, when anti-lithium mining protests took place, Serbian authorities reportedly arrested 33 activists and seized their devices for forensic searches. In October 2024, an activist from the NGO Krokodil had, according to Amnesty International's forensic analysis, NoviSpy installed on their device while being interviewed by the BIA. On December 16, 2024, Amnesty published their report (which is being used for this incident ID's date). In response, Cellebrite halted their sales to Serbia, which they announced on February 25, 2025. It is also reported that Google Project Zero and the Threat Analysis Group have confirmed a zero-day vulnerability in Android exploited by Serbian authorities, which was later patched.

Tools

New ReportNew ReportNew ResponseNew ResponseDiscoverDiscoverView HistoryView History

Entities

View all entities
Alleged: Serbian Security Information Agency (BIA) and Cellebrite developed an AI system deployed by Serbian Security Information Agency (BIA) , Serbian police and Government of Serbia, which harmed Slaviša Milanov , Nikola Ristić , Krokodil , Journalists in Serbia , Human rights defenders in Serbia , Environmental activists in Serbia , Dissidents in Serbia and Civil society organizations in Serbia.
Alleged implicated AI systems: Zero-day exploits on Android , NoviSpy and Cellebrite UFED

Incident Stats

Incident ID
961
Report Count
7
Incident Date
2024-12-16
Editors
Daniel Atherton

Incident Reports

Reports Timeline

+4
“A Digital Prison”: Surveillance and the suppression of civil society in Serbia executive summary
+2
Georgia to purchase Israeli data extraction tech amid street protest crackdown
“A Digital Prison”: Surveillance and the suppression of civil society in Serbia executive summary

“A Digital Prison”: Surveillance and the suppression of civil society in Serbia executive summary

securitylab.amnesty.org

Serbia used Israeli firm’s tech to enable spy campaign, Amnesty says

Serbia used Israeli firm’s tech to enable spy campaign, Amnesty says

reuters.com

Serbia: Authorities using spyware and Cellebrite forensic extraction tools to hack journalists and activists

Serbia: Authorities using spyware and Cellebrite forensic extraction tools to hack journalists and activists

securitylab.amnesty.org

Srbija: Vlasti koriste špijunske softvere i forenzičke alate kompanije Cellebrite za hakovanje novinara i aktivista

Srbija: Vlasti koriste špijunske softvere i forenzičke alate kompanije Cellebrite za hakovanje novinara i aktivista

securitylab.amnesty.org

Georgia to purchase Israeli data extraction tech amid street protest crackdown

Georgia to purchase Israeli data extraction tech amid street protest crackdown

reuters.com

Cellebrite zero-day exploit used to target phone of Serbian student activist

Cellebrite zero-day exploit used to target phone of Serbian student activist

securitylab.amnesty.org

Israeli company bans Serbia from using spyware because it was used against journalists and activists

Israeli company bans Serbia from using spyware because it was used against journalists and activists

24sata.info

“A Digital Prison”: Surveillance and the suppression of civil society in Serbia executive summary
securitylab.amnesty.org · 2024

This is the Executive Summary of Amnesty International's report on surveillance and the suppression of civil society in Serbia. Please click here for the full report in PDF format.

You can read the Executive Summary in Serbian, French or Sp…

Serbia used Israeli firm’s tech to enable spy campaign, Amnesty says
reuters.com · 2024

BELGRADE/LONDON, Dec 16 (Reuters) - Serbian officials installed homegrown spyware on the phones of dozens of journalists and activists, Amnesty International said in a report, opens new tab released on Monday, citing digital forensic eviden…

Serbia: Authorities using spyware and Cellebrite forensic extraction tools to hack journalists and activists
securitylab.amnesty.org · 2024

This press release is also available in Serbian "Srbija: Vlasti koriste špijunske softvere i forenzičke alate kompanije Cellebrite za hakovanje novinara i aktivista".

We have published the report's Executive Summary as a webpage. The full r…

Srbija: Vlasti koriste špijunske softvere i forenzičke alate kompanije Cellebrite za hakovanje novinara i aktivista
securitylab.amnesty.org · 2024

Policija i obaveštajne službe u Srbiji koriste moderan špijunski softver za mobilne uređaje zajedno sa mobilnim forenzičkim alatima kako bi nezakonito targetirali novinare, ekološke aktiviste i druge pojedince u kampanji tajnog nadzora, otk…

Georgia to purchase Israeli data extraction tech amid street protest crackdown
reuters.com · 2025

Feb 27 (Reuters) - Georgia has moved to renew contracts with Israeli technology firm Cellebrite DI Ltd for software used to extract data from mobile devices, procurement documents show, as the country grapples with ongoing anti-government s…

Cellebrite zero-day exploit used to target phone of Serbian student activist
securitylab.amnesty.org · 2025

Amnesty International's Security Lab, in collaboration with Amnesty's European Regional Office, has uncovered a new case of misuse of a Cellebrite product to break into the phone of a youth activist in Serbia. The attack closely matches the…

Israeli company bans Serbia from using spyware because it was used against journalists and activists
24sata.info · 2025
AI Translated

As reported in Haaretz in December 2024, researchers at Amnesty Tech, the technology arm of the international human rights group, discovered that Serbia had managed to exploit technology made by Cellebrite to bypass the security mechanisms …

Variants

A "variant" is an incident that shares the same causative factors, produces similar harms, and involves the same intelligent systems as a known AI incident. Rather than index variants as entirely separate incidents, we list variations of incidents under the first similar incident submitted to the database. Unlike other submission types to the incident database, variants are not required to have reporting in evidence external to the Incident Database. Learn more from the research paper.

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Defamation via AutoComplete

Defamation via AutoComplete

Apr 2011 · 28 reports
Predictive Policing Biases of PredPol

Predictive Policing Biases of PredPol

Nov 2015 · 17 reports
Alleged Issues with Proctorio's Remote-Testing AI Prompted Suspension by University

Alleged Issues with Proctorio's Remote-Testing AI Prompted Suspension by University

Jan 2020 · 6 reports
Previous IncidentNext Incident

Similar Incidents

By textual similarity

Did our AI mess up? Flag the unrelated incidents

Defamation via AutoComplete

Defamation via AutoComplete

Apr 2011 · 28 reports
Predictive Policing Biases of PredPol

Predictive Policing Biases of PredPol

Nov 2015 · 17 reports
Alleged Issues with Proctorio's Remote-Testing AI Prompted Suspension by University

Alleged Issues with Proctorio's Remote-Testing AI Prompted Suspension by University

Jan 2020 · 6 reports

Research

  • Defining an “AI Incident”
  • Defining an “AI Incident Response”
  • Database Roadmap
  • Related Work
  • Download Complete Database

Project and Community

  • About
  • Contact and Follow
  • Apps and Summaries
  • Editor’s Guide

Incidents

  • All Incidents in List Form
  • Flagged Incidents
  • Submission Queue
  • Classifications View
  • Taxonomies

2024 - AI Incident Database

  • Terms of use
  • Privacy Policy
  • Open twitterOpen githubOpen rssOpen facebookOpen linkedin
  • ecd56df