Serbian Police Exploit Cellebrite Zero-Day to Unlock Android Phones

In a recent investigation, Amnesty International has uncovered that Serbian authorities have been utilizing advanced mobile forensic tools from Israeli firm Cellebrite to unlock Android devices of journalists and activists without their consent. These tools exploit zero-day vulnerabilities—previously unknown security flaws—to bypass device passcodes and extract sensitive data. Once unlocked, a custom-built spyware named NoviSpy is installed, enabling remote surveillance capabilities such as accessing personal data and controlling device microphones and cameras. This covert surveillance campaign has raised significant concerns about privacy rights and the suppression of civil society in Serbia.

In response to these findings, Cellebrite announced earlier this week that it has blocked access to its tools for Serbia’s security services. The company stated it is investigating the reported misuse and emphasized that its products are intended for lawful use under proper legal oversight.

Google’s Threat Analysis Group has collaborated with Amnesty International to identify and address the exploited vulnerabilities. As a result, patches have been released to fix these security issues, aiming to protect Android users from such unauthorized access in the future.

Read Next: How Cybercriminals Are Weaponizing Human Emotions

This situation highlights the potential risks associated with surveillance technologies when used without strict legal controls and oversight, posing significant threats to human rights and freedom of expression.