Amnesty International recently released a report detailing how the Serbian government has been using advanced mobile forensics products from Israeli surveillance firm Cellebrite to spy on journalists, environmental activists, and civil rights activists. The report, titled “A Digital Prison: Surveillance and the suppression of civil society in Serbia,” revealed the use of NoviSpy, a bespoke Android spyware tool previously unknown to the public.
According to the report, the Serbian police forces and intelligence services, including the Security Information Agency (Bezbedonosno-informativna Agencija – BIA), have been accused of using NoviSpy to infect individuals’ devices covertly during periods of detention or police interviews. Among the targets identified in the report were Serbian independent investigative journalist Slaviša Milanov, environmental activist Nikola Ristić, and an unnamed activist from Krokodil, an organization promoting dialogue and reconciliation in the Western Balkans.
In addition to NoviSpy, the Serbian authorities have also been observed using mobile forensics products from Cellebrite. These tools allow the extraction of data from a wide range of mobile devices, including recent Android devices and iPhone models, without requiring access to the device passcode.
While NoviSpy is not as advanced as commercial spyware like Pegasus, it still provides Serbian authorities with extensive surveillance capabilities once installed on a target’s device. Amnesty’s forensic evidence revealed how Serbian authorities used Cellebrite products to enable NoviSpy spyware infections on activists’ phones. NoviSpy has the capability to capture sensitive personal data from a target phone, as well as remotely activate the device’s microphone or camera.
In some cases, Cellebrite exploits were used to bypass Android device security mechanisms, allowing authorities to covertly install the NoviSpy spyware during police interviews. Additionally, Amnesty researchers identified instances where Serbian authorities used Cellebrite to exploit a zero-day vulnerability in Android devices, gaining privileged access to an environmental activist’s phone.
Following the release of the Amnesty report, Cellebrite responded by stating that their digital investigative software solutions do not install malware or conduct real-time surveillance akin to spyware or offensive cyber activities. The company expressed a willingness to investigate the allegations made in the report and take appropriate action, including terminating relationships with any agencies found to be in violation of their end-user agreement.
Amnesty International shared their findings with the Serbian government prior to publication but has not received a response. The use of spyware by government authorities to monitor and suppress civil society raises serious concerns about privacy, freedom of expression, and human rights in Serbia. The implications of such activities on individuals targeted for surveillance, as well as on broader civil society, are significant and warrant further investigation and action.