Digital Event Horizon
Serbian authorities have used spyware to compromise the phone of a 23-year-old student who had been critical of the government, according to a new report from Amnesty International. The incident highlights the ongoing threat posed by spyware and its use by governments to suppress dissenting voices. Android users are advised to install the February patch batch as soon as possible to protect themselves from similar exploitation.
A Serbian student's phone was compromised using Cellebrite spyware, highlighting ongoing surveillance and repression against civil society. The exploit bypassed lock screens on fully patched Android devices to gain privileged access to the device. Amnesty International reports that similar cases of NoviSpy spyware installation have been uncovered in previous incidents. The incident emphasizes the need for greater transparency and accountability in spyware technology usage.
Amnesty International, a leading human rights organization, has released a report detailing the use of spyware by Serbian authorities to compromise the phone of a 23-year-old student who had been critical of the government. The report highlights the ongoing campaign of surveillance and repression directed against civil society in Serbia, which has been previously criticized for its widespread use of spyware.
The incident involves an exploit from Cellebrite, a controversial exploit vendor whose practices have been sharply criticized over the past decade. The exploit was used to bypass the lock screen of fully patched Android devices and gain privileged access to the device. The report reveals that the Serbian authorities tried to install an unknown application after the device had been unlocked.
The attack chain exploited a series of vulnerabilities in device drivers the Linux kernel uses to support USB hardware. One of the vulnerabilities, tracked as CVE-2024-53104, was patched earlier this month with the release of the February 2025 Android Security Bulletin. Two other vulnerabilities—CVE-2024-53197 and CVE-2024-50302—have been patched upstream in the Linux kernel but have not yet been incorporated into Android.
The report authors say that the installation of apps on Cellebrite-compromised devices was consistent with earlier cases they have uncovered in which spyware tracked as NoviSpy spyware were installed. The perpetrators likely used special-purpose devices to emulate video or sound devices connecting to the targeted device.
This incident highlights the ongoing threat posed by spyware and its use by governments to suppress dissenting voices. Amnesty International's report emphasizes the need for greater transparency and accountability in the use of such technology. As a result, Android users who have yet to install the February patch batch are advised to do so as soon as possible.
The Serbian government's campaign of surveillance is part of a larger trend of using spyware to control and repress civil society. Amnesty International has been critical of this practice, which can have devastating consequences for individuals and communities. The use of spyware by governments raises significant concerns about the erosion of human rights and the suppression of dissenting voices.
The incident also highlights the vulnerability of Android devices to exploitation, even with patches in place. The fact that fully patched Android devices were still vulnerable to this exploit underscores the need for greater vigilance and awareness among device users. As a result, it is essential for Android users to stay informed about security updates and patch their devices promptly.
In conclusion, the use of spyware by Serbian authorities to compromise the phone of a student who had been critical of the government is a disturbing example of the ongoing threat posed by this technology. Amnesty International's report highlights the need for greater transparency and accountability in the use of such technology and emphasizes the importance of protecting human rights.
Related Information:
https://www.digitaleventhorizon.com/articles/The-Pervasive-Use-of-Spyware-by-Serbian-Authorities-A-Threat-to-Civil-Society-deh.shtml
https://arstechnica.com/security/2025/02/android-0-day-sold-by-cellebrite-exploited-to-hack-serbian-students-phone/
Published: Fri Feb 28 20:47:22 2025 by llama3.2 3B Q4_K_M
