Amnesty International said Google has previously determined unknown imperfections on Android that allowed the authorities to unlock the phones using forensic tools.
On Friday, Amnesty International published a report Analyzing a chain of three vulnerabilities of zero day developed by Cellebrite, found by her researchers after investigating a student’s phone in Serbia. The defects were found at the core of the USB Linux core, which means that “vulnerability is not limited to a particular device or supplier and could affect a billion Android devices”, according to the report.
Zero days are errors in products that are unknown to software or hardware manufacturers when they are unknown. Zero days allow criminals and government hackers to enter systems in a way that is more effective because there is no patch that still corrects them.
In this case, Amnesty stated that it found first traces of one of the defects in one case in mid -2024. Last year, after investigating the hack of a student activist in Serbia, the organization shared its findings with the threat of threats to the threat of Google’s threat.
During the investigation of the activist’s phone, amnesty researchers found the USB exploitation, which allowed the Serbian authorities, using Cellegite tools to unlock the activist’s phone.
When reached for comments, Cellegite Victor Cooper’s spokesman reported a statement that the company was published earlier this week.
In December, Amnesty reported that it found two cases where the Serb authorities had used Cellegite forensic tools to unlock the phones of an activist and a journalist and then installed a spyware Android known as Novispy. Earlier this week, Cellegite announced that it had stopped its Serbian client from using his technology following allegations of abuse revealed by Amnesty.
“Following a review of the allegations arising from the Amnesty International Exhibition in December 2024, Cellegite took precise measures to investigate any claim in accordance with ethics and integrity policies. We found it appropriate to stop using our products by the relevant customers at this time,”
Contact us
Do you have more information about government spyware and its manufacturers? From a non-work device, you can contact Lorenzo Franceschi-bicchierai safely on the signal on +1 917 257 1382, or via the telegraph and keybase @lorenzofb or email. You can also contact TechCrunch via securedrop.
In the new report, Amnesty said it came into contact in January to analyze the device of a youth activist arrested by the Serbian Security Organization (Bezbednosno-Informativna Agencija or Bia) at the end of last year.
“The conditions of his arrest and the behavior of BIA officers were strongly corresponding to the modus operandi used against protesters and documented in our report in December. A criminal investigation by the device conducted in January confirmed the use of Cellebrite.
As in other cases, the authorities used a Cellegite device to unlock the activist’s Samsung A32 phone “without his knowledge or consent and outside of a legally investigation”, according to Amnesty.
“The seemingly common use of Cellebrite software against people to exercise their rights in freedom of expression and the peaceful assembly can never be a legal objective,” amnesty wrote, “and therefore violates human rights law.”
Bill Marczak, a senior researcher at Citizen Lab, a digital rights organization investigating Spyware, wrote to x That activists, journalists and members of civil society “who could have their phone occupied by the authorities (protest, borders, etc.) should consider transitioning to the iPhone” because of these vulnerable points.
Referring to Cellebrite tools, Donncha รณ Cearbhaill, head of the Amnesty Security Laboratory, told TechCrunch that “the extensive availability of such tools lets me fear that we simply scrape the surface of these products.”
Google did not immediately respond to request for comments.
