Amnesty Worldwide on Friday stated it decided {that a} zero-day exploit bought by controversial exploit vendor Cellebrite was used to compromise the telephone of a Serbian scholar who had been important of that nation’s authorities.
The human rights group first referred to as out Serbian authorities in December for what it stated was its “pervasive and routine use of adware” as a part of a marketing campaign of “wider state management and repression directed towards civil society.” That report stated the authorities have been deploying exploits bought by Cellebrite and NSO, a separate exploit vendor whose practices have additionally been sharply criticized over the previous decade. In response to the December report, Cellebrite stated it had suspended gross sales to “related prospects” in Serbia.
Marketing campaign of surveillance
On Friday, Amnesty Worldwide stated that it uncovered proof of a brand new incident. It includes the sale by Cellebrite of an assault chain that would defeat the lock display screen of absolutely patched Android gadgets. The exploits have been used towards a Serbian scholar who had been important of Serbian officers. The chain exploited a sequence of vulnerabilities in system drivers the Linux kernel makes use of to help USB {hardware}.
“This new case gives additional proof that the authorities in Serbia have continued their marketing campaign of surveillance of civil society within the aftermath of our report, regardless of widespread requires reform, from each inside Serbia and past, in addition to an investigation into the misuse of its product, introduced by Cellebrite,” authors of the report wrote.
Amnesty Worldwide first found proof of the assault chain final yr whereas investigating a separate incident outdoors of Serbia involving the identical Android lockscreen bypass. Authors of Friday’s report wrote:
