Amnesty Worldwide on Friday mentioned it decided {that a} zero-day exploit bought by controversial exploit vendor Cellebrite was used to compromise the telephone of a Serbian pupil who had been important of that nation’s authorities.
The human rights group first referred to as out Serbian authorities in December for what it mentioned was its “pervasive and routine use of spyware and adware” as a part of a marketing campaign of “wider state management and repression directed in opposition to civil society.” That report mentioned the authorities have been deploying exploits bought by Cellebrite and NSO, a separate exploit vendor whose practices have additionally been sharply criticized over the previous decade. In response to the December report, Cellebrite mentioned it had suspended gross sales to “related prospects” in Serbia.
Marketing campaign of surveillance
On Friday, Amnesty Worldwide mentioned that it uncovered proof of a brand new incident. It includes the sale by Cellebrite of an assault chain that might defeat the lock display screen of totally patched Android units. The exploits have been used in opposition to a Serbian pupil who had been important of Serbian officers. The chain exploited a collection of vulnerabilities in machine drivers the Linux kernel makes use of to help USB {hardware}.
“This new case offers additional proof that the authorities in Serbia have continued their marketing campaign of surveillance of civil society within the aftermath of our report, regardless of widespread requires reform, from each inside Serbia and past, in addition to an investigation into the misuse of its product, introduced by Cellebrite,” authors of the report wrote.
Amnesty Worldwide first found proof of the assault chain final yr whereas investigating a separate incident exterior of Serbia involving the identical Android lockscreen bypass. Authors of Friday’s report wrote:
