FlagThis - #surveillance

Amnesty International has revealed that Serbian police and intelligence services are using Cellebrite's forensic tools to extract data from the mobile phones of journalists and activists, followed by the installation of a new Android spyware called NoviSpy. This method of surveillance involves unlocking devices using Cellebrite, which is capable of bypassing device passcodes, and then loading them with the NoviSpy malware. The spyware can capture sensitive personal data, including screenshots, location data, audio and microphone recordings, as well as turning on phone cameras. The report highlights how this combination of technology allows Serbian authorities to conduct extensive covert surveillance operations against civil society.

This use of Cellebrite technology, typically used for data extraction, to enable spyware installation, marks a concerning development in digital surveillance tactics. Amnesty International documented two cases where Cellebrite tools were used to unlock devices before installing spyware. The NoviSpy spyware, once installed, can access a wide range of data, allowing Serbian authorities to monitor individuals in a pervasive manner. While Cellebrite asserts its tools cannot plant spyware, this incident raises significant concerns about the potential misuse of such technology and its implications for human rights and freedom of speech.


References :

• Threats | CyberScoop: Amnesty International exposes Serbian police’s use of spyware on journalists, activists
• securitylab.amnesty.org: “We are all in the form of a digital prison, a digital gulag”: Cellebrite phone hacking and spyware
• 404 Media: Cellebrite Unlocked This Journalist’s Phone. Cops Then Infected it With Malware
• Amnesty International: Serbia: Authorities using spyware and Cellebrite forensic extraction tools to hack journalists and activists
• Zack Whittaker: New, by : Amnesty says it's identified spyware on the phones of a Serbian journalist, whose phone was physically seized during a traffic stop and opened using Cellebrite phone-unlocking tools.
• techcrunch.com: Serbian police used Cellebrite to unlock, then plant spyware, on a journalist’s phone
• bsky.app: Serbian police used Cellebrite to unlock, then plant spyware, on a journalist's phone | TechCrunch
• Zack Whittaker: Cellebrite, which made the phone-unlocking tech that Serbian authorities used to plant the spyware, told us that its tools alone cannot be used to plant spyware — "a third-party would have to do that."
• The Hacker News: NoviSpy Spyware Installed on Journalist's Phone After Unlocking It With Cellebrite Tool
• CCC: “We are all in the form of a digital prison, a digital gulag”: Cellebrite phone hacking and spyware
• infosec.exchange: NEW: Amnesty International has documented two cases where Serbian authorities used Cellebrite to unlock the phones of a journalist and an activist.
• Dataconomy: Serbian police allegedly use NoviSpy spyware to monitor journalists
• BleepingComputer: The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named 'NoviSpy,' used to spy on activists, journalists, and protestors.
• Joseph Cox: New: Cellebrite is being used as doorway to install malware. Amnesty finds multiple cases where police used Cellebrite to unlock phone; cops then used that access to infect with spyware which takes screenshots, turns on mic, etc, give phone back to target. In Serbia
• Techmeme: Amnesty International: Serbian authorities used phone hacking startup Cellebrite's tools to unlock a journalist's phone before infecting the device with malware (Joseph Cox/404 Media)
• securityaffairs.com: Report claims that Serbian authorities abused Cellebrite tool to install NoviSpy spyware
• appleinsider.com: Undisclosed HomeKit flaw used by Cellebrite to attack Serbian journalists
• Help Net Security: Serbian police and intelligence officers used Cellebrite forensic extraction software to unlock journalists’ and activists’ phones and install previously unknown Android spyware called NoviSpy
• evacide: The Serbian government is using Cellebrite and Novispy to spy on journalists and activists, says Amnesty Tech
• JosephMenn: A new report from Amnesty shines a harsh light on device-cracking companies like Cellebrite, which police are using to inject spyware onto the phones of activists and journalists.
• Cybernews: Governments may be using mobile forensic products from Cellebrite to hack high-profile targets and install spyware on their Android devices.

Classification:

• HashTags: #Spyware #Cellebrite #NoviSpy
• Company: Cellebrite
• Target: Journalists and Activists
• Attacker: Serbian Police
• Product: Cellebrite
• Feature: Spyware
• Malware: NoviSpy
• Type: Espionage
• Severity: Major