Amnesty International reported that a Cellebrite zero-day exploit was used to unlock the Android smartphone of a Serbian activist.
The attack used a zero-day exploit chain, developed by Cellebrite, that targets Android USB drivers and impacts over a billion Android devices.
Google patched the vulnerabilities identified in the Cellebrite zero-day exploit chain in Android's February 2025 update and in the Linux kernel.
The exploit targeted Linux kernel USB drivers, allowing someone with physical access to the device to bypass the Android lock screen and gain privileged access.
Serbian police used the Cellebrite exploit to unlock a student activist's Samsung Galaxy A32 and install an unknown Android application, likely NoviSpy spyware.
Amnesty International documented how the activist was detained and interrogated and how Serbian authorities exploited his phone.
Cellebrite suspended its technology provision to Serbia following reports of abuse by local police, as confirmed by an Amnesty International report.
The Security Lab at Amnesty International emphasized the importance of investigating and holding accountable those misusing digital forensic technology.
According to Donncha Ó Cearbhaill, further exports of surveillance technology to Serbia should be halted until proper oversight is in place to protect privacy and rights.