The Israeli technology company Cellebrite has blocked Serbia’s access to its products after discovering that Serbian police and security services had used its technology to spy on journalists and activists, Israeli newspaper Haaretz reports.
The newspaper states that Serbia’s security services installed spyware after unlocking smartphones, abusing Cellebrite’s technology.
“We evaluate the countries we do business with,” the company announced, stating that Serbia would no longer have access to its products.
As Haaretz reported in December 2024, researchers from Amnesty Tech, the technology branch of the international human rights organization Amnesty International (AI), discovered that Serbia had used Cellebrite’s technology to bypass smartphone security mechanisms and infect them with malware.
Cellebrite sells digital forensic technology to law enforcement agencies, including tools capable of hacking locked or even powered-off smartphones to extract confidential and encrypted data.
Similar to spyware, Cellebrite’s platforms exploit security vulnerabilities in smartphones, known as “exploits.”
However, unlike spyware, which can be installed remotely, Cellebrite’s technology requires a physical connection to the phone.
Additionally, Cellebrite’s software can only unlock and extract data from a phone but does not enable ongoing surveillance after disconnection, nor can it track the device once returned to the user, Haaretz explains.
AI’s report, however, revealed that Serbia’s security agency managed to install its own malicious spyware after unlocking smartphones, misusing Cellebrite’s technology not only for data extraction but also for actively infecting devices with surveillance programs. Haaretz adds that under President Aleksandar Vučić, media, the judiciary, and civil society in Serbia have been targeted by the regime.
On February 27, Cellebrite stated that “after reviewing the allegations presented in Amnesty’s report, we have taken precise steps to investigate each claim in accordance with our ethical and integrity policies.”
“We found it appropriate at this time to suspend the use of our products for certain clients. We evaluate the countries we do business with,” the company added.
Cellebrite has thousands of clients in the U.S. and law enforcement agencies worldwide. However, over the years, its hacking technologies have ended up in the hands of organizations that repress human rights activists, minorities, and the LGBTQ community.
Haaretz has repeatedly reported that Cellebrite’s clients included repressive regimes under sanctions, such as Belarus, China and Hong Kong, Uganda, Venezuela, Indonesia, the Philippines, Russia, Ethiopia, Pakistan, and Bangladesh’s notorious RAB execution unit.
FIND OUT MORE:
Spyware enables remote surveillance of smartphone owners, including secretly activating cameras and microphones, accessing messaging apps, and extracting photos, contacts, files, and other data. However, advanced military-grade spyware capable of remote infection is only sold with government approval.
Such spyware is also typically extremely expensive, and discovering the vulnerabilities that these technologies exploit to infect devices is becoming increasingly costly, as they are often identified by cybersecurity teams at companies like Google and Apple.
The Serbian spyware, which researchers dubbed NoviSpy, did not rely on security system vulnerabilities to infect devices.
Instead, it was installed on targeted devices only after they were physically unlocked using Cellebrite’s technology. In some cases, it appears that victims were summoned for police questioning as part of a ruse to gain physical access to their devices, Haaretz reports.
MORE TOPICS:
SERBIAN KICKBOXERS SHOW NO MERCY: Incredible 12 medals at the European Cup in Bulgaria! (PHOTO)
Source: Nova, Foto: