Serbian authorities have come under scrutiny for allegedly using Cellebrite software to unlock and infect phones belonging to civilians with spyware, according to digital privacy researchers. The use of this invasive technology by authorities in Serbia has raised concerns about privacy and surveillance.
Amnesty International reported that victims of this covert spying by Serbian authorities had their phones seized and tampered with during interviews. The report highlighted that at least two civilians had their phones infected with spyware using Cellebrite software, marking the first known instances of authorities combining these technologies for snooping.
Cellebrite’s software, known for helping police crack into locked phones, has been used globally by law enforcement agencies. The FBI, for example, has utilized Cellebrite to extract data from suspects’ devices in high-profile cases. However, the recent use of this software by Serbian authorities to infect phones with spyware is raising concerns about the misuse of such powerful technology.
In addition to Cellebrite, the report by Amnesty International also shed light on the discovery of NoviSpy, a new spyware developed in Serbia to target Android devices. This surveillance tool allows remote access to a phone’s data, microphone, and camera. The report revealed that dozens, if not hundreds, of unique devices were targeted with NoviSpy spyware in recent years, with all samples communicating with servers hosted in Serbia.
The investigation found that Serbian authorities targeted journalists and activists with this surveillance technology, including Slaviša Milanov, who noticed suspicious activity on his phone after being detained by police. Milanov’s phone was found to have traces of both Cellebrite software and NoviSpy spyware, indicating a coordinated effort to access his data without due process.
Cellebrite has previously claimed to have strict policies in place to prevent the misuse of its technology. However, Amnesty’s findings raise questions about the company’s ability to control how its software is used by authorities. The company stated that it is investigating the allegations and is willing to take appropriate action if the misuse of its technology is confirmed.
These revelations come at a time when Serbia has been experiencing significant anti-government protests, leading to increased digital repression and surveillance of activists and journalists. The use of Cellebrite software to exploit a zero-day vulnerability on an environmental activist’s phone further underscores the risks posed by the unchecked use of surveillance technologies by authorities.
Overall, the report by Amnesty International highlights the need for greater oversight and accountability in the use of digital surveillance tools to ensure the protection of individuals’ privacy rights. As technology continues to advance, it is essential for governments and law enforcement agencies to uphold ethical standards and respect due process in their use of spyware and other invasive technologies.