Serbian student activist's phone hacked using Cellebrite zero-day exploit
a year ago
- #HumanRights
- #Surveillance
- #Cybersecurity
- Amnesty International reported a Cellebrite zero-day exploit used to unlock an Android smartphone of a Serbian activist.
- Cellebrite blocked Serbia from using its solution after reports of misuse by police to unlock and infect phones of a journalist and activist.
- The exploit targeted Android USB drivers, affecting over a billion Android devices due to vulnerabilities in Linux kernel USB drivers.
- Three vulnerabilities (CVE-2024-53104, CVE-2024-53197, CVE-2024-50302) were identified, with one patched in Android's February 2025 update.
- CVE-2024-53104 is a privilege escalation flaw in the Kernel’s USB Video Class driver, allowing arbitrary code execution or denial-of-service attacks.
- A 23-year-old student activist in Serbia was detained, and his Samsung Galaxy A32 was unlocked using Cellebrite's exploit, with evidence of an unknown app installation attempt.
- Cellebrite suspended its technology provision to Serbia following Amnesty International's report on misuse by Serbian police.
- Amnesty International calls for investigations, accountability, and safeguards to prevent future abuse of surveillance technology in Serbia.