Amnesty International on Friday said it determined that a zero-day exploit sold by controversial exploit vendor Cellebrite was used to compromise the cellphone of a Serbian student who had been critical of that country's government.
The human rights group first called out Serbian authorities in December for what it said was its “pervasive and routine use of spyware” as part of a campaign of “wider state management and repression directed towards civil society.” That report said the authorities were deploying exploits sold by Cellebrite and NSO, a separate exploit vendor whose practices have also been sharply criticized over the past decade. In response to the December report, Cellebrite said it had suspended sales to “related clients” in Serbia.
Campaign of surveillance
On Friday, Amnesty International said that it uncovered evidence of a new incident. It involves the sale by Cellebrite of an attack chain that could defeat the lock screen of fully patched Android devices. The exploits were used against a Serbian student who had been critical of Serbian officials. The chain exploited a series of vulnerabilities in device drivers the Linux kernel uses to support USB hardware.
“This new case gives further evidence that the authorities in Serbia have continued their campaign of surveillance of civil society in the aftermath of our report, despite widespread calls for reform, from both inside Serbia and beyond, as well as an investigation into the misuse of its product, introduced by Cellebrite,” authors of the report wrote.
Amnesty International first found evidence of the attack chain last year while investigating a separate incident outside of Serbia involving the same Android lockscreen bypass. Authors of Friday’s report wrote: