Associated Incidents
As reported in Haaretz in December 2024, researchers at Amnesty Tech, the technology arm of the international human rights group, discovered that Serbia had managed to exploit technology made by Cellebrite to bypass the security mechanisms of smartphones and infect them with malware.
Cellebrite sells digital forensics technology to law enforcement agencies, including technologies that can hack into locked or powered-off smartphones and extract confidential and encrypted information from them.
Like spyware, Cellebrite’s platforms exploit a weakness in a smartphone’s defenses, known as an exploit.
Unlike spyware, which can be installed remotely, Cellebrite must be physically connected to the smartphone. Moreover, Cellebrite’s technology can only be used to break into and extract existing content from smartphones, and does not allow for active surveillance after the connection is lost and cannot track the device after it has been returned.
Amnesty’s report, however, revealed that Serbia’s domestic security agency managed to install its own malicious spyware after unlocking smartphones, abusing Cellebrite’s technologies not to collect information but as an exploit to actively install surveillance programs.
Under Serbian President Aleksandar Vučić, the media, judiciary and civil society have been targeted by the regime.
The company said on Thursday that after reviewing the allegations made in the Amnesty International report, Cellebrite had taken specific steps to investigate each allegation in line with its ethics and integrity policy.
“We have deemed it appropriate at this time to suspend the use of our products by relevant customers. We are assessing the countries we do business with,” the company said.
Cellebrite is an Israeli company traded on the Nasdaq, with thousands of clients in the US and law enforcement agencies around the world. However, over the years, its hacking technologies have fallen into the hands of organizations that suppress human rights activists, minorities and the LGBTQ community.
As Haaretz has repeatedly reported, Cellebrite’s clients have included repressive regimes under sanctions, including Belarus, China and Hong Kong, Uganda, Venezuela, Indonesia, the Philippines, Russia, Ethiopia, Pakistan and the notorious RAB execution unit in Bangladesh.
The spyware allows for remote surveillance of smartphone owners, including secretly activating cameras and microphones, accessing messaging apps and extracting photos, contacts, files and so on. But military-grade spyware capable of remote infection is only sold with government approval.
It is also typically extremely expensive, and the vulnerabilities the technologies exploit to infect devices are made even more expensive, as they are often discovered by Google and Apple’s cybersecurity teams.
The Serbian spyware, which the researchers have dubbed NoviSpy, did not rely on security flaws to infect devices.
Instead, it was installed on target devices only after they were physically unlocked using Cellebrite technologies. In some cases, it appears victims may have been subpoenaed by the police as part of a scam to gain physical access to their device.
(24sata.info)