Cellebrite Spyware Misuse in Serbia: Authorities Used it to Hack and Spy on Journalist’s Phone

This year, alarming revelations emerged about Cellebrite spyware misuse in Serbia, where police used forensic technology to not only unlock phones but also plant spyware.

Key Takeaway:

Key Takeaway to Cellebrite Spyware Misuse in Serbia:

• Serbian authorities reportedly exploited Cellebrite spyware misuse in Serbia to hack phones and plant spyware, raising concerns about surveillance abuse.

Serbian Police Exploited Cellebrite to Hack and Spy on Activists

The victims, journalist Slaviša Milanov and activist Nikola Ristić, had their privacy severely breached during police detentions.

A report from Amnesty International details how Cellebrite, a tool designed for lawful data extraction, was misused to enable covert surveillance.

These incidents highlight a troubling shift in spyware use, as governments increasingly combine physical access to devices with intrusive software to monitor citizens. Let’s dive deeper into how this unfolded and what it means for privacy rights worldwide.

Serbian Journalist Targeted in Spyware Operation

In February 2024, Serbian journalist Slaviša Milanov was stopped by local police for what appeared to be a routine traffic check.

The situation escalated when Milanov was taken to a police station, where his phone, a Xiaomi Redmi Note 10S, was confiscated for nearly two hours. Upon its return, Milanov noticed unusual activity:

• Mobile data and Wi-Fi were turned off.
• Apps like File Manager, Recorder, and Google Play Store showed unexpected usage during his detention.
• Over 1.6GB of data had been extracted without his consent.

Suspicious of foul play, Milanov reached out to Amnesty International, whose forensic experts discovered spyware named NoviSpy on his phone.

The spyware had been installed using Cellebrite, a tool commonly employed by law enforcement to access locked devices.

How Cellebrite Tools Were Misused

Amnesty International’s analysis confirmed that Serbian authorities misused Cellebrite tools to unlock phones and install spyware.

While Cellebrite claims its devices cannot plant malware, the Serbian police exploited the tool to gain physical access to phones and manually deploy spyware.

This method bypasses the high cost and complexity of zero-day vulnerabilities traditionally used in remote spyware attacks.

Instead, Serbian authorities relied on physical custody of devices during arrests or detentions to install NoviSpy.

A Broader Pattern of Spyware Abuse

The misuse of Cellebrite in Serbia reflects a growing global trend of invasive surveillance. Amnesty’s report connects the Serbian spyware operation to the country’s Security Information Agency (BIA). Key findings include:

Amnesty’s investigation revealed that the spyware code contained Serbian-language strings and communicated with local servers, further implicating the BIA.

Spyware Abuse Beyond Serbia

Serbia’s spyware scandal is not an isolated case. Around the world, governments have misused surveillance tools to target journalists, activists, and dissidents.

For example, in 2001, the FBI planted spyware on mobster Nicodemo Scarfo’s computer to steal encryption keys. Similarly, in 2024, Citizen Lab documented how Russian authorities forced opposition activist Kirill Parubets to unlock his phone before installing spyware.

In the U.S., concerns are growing as agencies like ICE invest in phone-hacking tools like Cellebrite. Amnesty warns that without stricter safeguards, such tools could easily be misused to target vulnerable communities.

The Impact on Privacy Rights

The misuse of Cellebrite spyware in Serbia raises critical questions about privacy and surveillance laws. Governments often justify the use of spyware for national security, but these tools can also suppress freedom of speech and target civil society.

Key Risks of Spyware Abuse:

• Lack of Transparency: Authorities rarely disclose how spyware is used, leaving room for misuse.
• Threat to Democracy: Journalists and activists are silenced through invasive surveillance.
• Global Implications: Misuse in one country sets a dangerous precedent for others.

For individuals, this means increased vigilance is necessary. Tools like Amnesty’s StayFree app can help detect unusual activity on devices.

About Cellebrite

Cellebrite is an Israel-based company specializing in digital intelligence solutions for law enforcement and security agencies. Its tools are used globally for data extraction and analysis. Learn more about Cellebrite on their official site.

Rounding Up

The misuse of Cellebrite spyware in Serbia highlights the urgent need for stricter regulations on surveillance tools. When authorities exploit technology meant for lawful investigations, they erode public trust and infringe on fundamental rights.

Advocacy groups like Amnesty International and Citizen Lab play a critical role in exposing such abuses and holding governments accountable.

If left unchecked, spyware misuse will continue to endanger privacy and democracy worldwide. It’s time for stricter oversight and transparent policies to protect against these invasive practices.

FAQs

What is Cellebrite?

• Cellebrite is a forensic technology company providing tools for data extraction and analysis, primarily used by law enforcement.

What is NoviSpy?

• NoviSpy is a spyware identified in Serbia, used to monitor individuals by extracting private data from their phones.

How can individuals protect themselves from spyware?

• To safeguard against spyware, use updated antivirus software, avoid handing over devices unnecessarily, and monitor unusual activity with apps like StayFree.

Has Cellebrite commented on the misuse?

• Cellebrite denies its tools can install malware, claiming misuse lies with third parties.

Are spyware abuses limited to Serbia?

• No, similar cases have been documented globally, including the U.S. and Russia.