Amnesty International reported on Friday that a zero-day exploit sold by Cellebrite, a controversial exploit vendor, was used to compromise the Android phone of a Serbian student critical of the country’s government. This revelation comes after the human rights organization previously called out Serbian authorities for their use of spyware as a means of surveillance and repression against civil society.
The December report by Amnesty International highlighted the widespread use of spyware by Serbian authorities, with Cellebrite and NSO exploits being utilized as tools of control and repression. In response to the report, Cellebrite claimed to have suspended sales to certain customers in Serbia. However, recent findings show that the surveillance campaign has continued, with the exploitation of vulnerabilities in fully patched Android devices.
Campaign of Surveillance Continues
Amnesty International’s latest report reveals a new incident involving the sale of an attack chain by Cellebrite, which successfully bypassed the lock screen of the student’s Android phone. The attack exploited vulnerabilities in device drivers used by the Linux kernel to support USB hardware. This case serves as further proof of the ongoing surveillance efforts by Serbian authorities, despite calls for reform and investigations into the misuse of Cellebrite’s products.
The organization initially discovered evidence of the attack chain during an investigation into a separate incident outside of Serbia that also involved an Android lock screen bypass. The persistence of such surveillance tactics underscores the challenges faced by individuals critical of the government and the need for greater protection of civil liberties.
Expert Insights and Calls for Action
Experts in the field of cybersecurity warn of the dangers posed by zero-day exploits, which can be used to gain unauthorized access to devices and compromise sensitive information. The use of such exploits by government entities raises concerns about privacy rights and the potential abuse of surveillance technologies.
In response to the report, advocates for digital rights and privacy have called for increased transparency and accountability in the use of surveillance tools by governments. The need for oversight and regulation of companies like Cellebrite and NSO has become a pressing issue as the prevalence of spyware and exploitation techniques continues to grow.
Moving Forward
As the investigation into the compromised phone of the Serbian student unfolds, it is clear that the issue of surveillance and privacy violations is far from resolved. The challenges posed by the widespread use of spyware and exploitation tools highlight the importance of safeguarding individual rights and freedoms in the digital age.
The revelations from Amnesty International’s report serve as a stark reminder of the power dynamics at play in the realm of cybersecurity and government surveillance. It is crucial for policymakers, tech companies, and civil society organizations to work together to address these issues and ensure the protection of human rights in an increasingly digital world.
