Amnesty International has revealed that a zero-day exploit, sold by the controversial vendor Cellebrite, was utilized to compromise the Android phone of a Serbian student known for criticizing the government. This incident highlights ongoing concerns about the use of spyware for state surveillance.

Background on Surveillance Concerns

In December, Amnesty International accused Serbian authorities of widespread spyware usage to exert control over civil society. The report implicated Cellebrite and NSO Group, both notorious for selling surveillance tools. Following these allegations, Cellebrite announced a suspension of sales to certain Serbian entities.

Details of the Exploit

The recent findings by Amnesty International indicate that Cellebrite sold an attack chain capable of bypassing the lock screen on fully updated Android devices. This exploit targeted a Serbian student who had been vocal against the government. The attack leveraged vulnerabilities within the Linux kernel's device drivers to manipulate USB hardware.

Implications and Recommendations

This case underscores the critical need for robust cybersecurity measures and scrutiny over the sale of surveillance tools. Users are advised to stay informed about potential vulnerabilities and take proactive steps to secure their devices.

For more insights into zero-day vulnerabilities and protective strategies, learn more in our Research section.

The link has been copied!