Amnesty International said on Friday that it had determined that a zero-day exploit sold by controversial exploit seller Cellebrite was used to compromise the phone of a Serbian student who had been critical of the country's government.
In December, the human rights organization first called out the Serbian authorities for what it said was the “in-depth and routine use of spyware” as part of a campaign of “broader state control and repression directed against civil society”. That report said that the authorities were using exploits sold by Cellebrite and NSO, a separate exploit seller whose practices have also been sharply criticized over the past decade. In response to the December report, Cellebrite said that it had suspended sales to “relevant customers” in Serbia.
Supervision campaign
On Friday, Amnesty International said that it had discovered evidence of a new incident. It involves the sale by Cellebrite of an attack chain that can defeat the lock screen of fully patched Android devices. The exploits were used against a Serbian student who had been critical of Serbian officials. The chain exploited a series of vulnerabilities in device drivers that the Linux kernel uses to support USB hardware.
“This new case also provides evidence that the authorities in Serbia have continued their campaign for supervision of civil society in the aftermath of our report, despite widespread calls for reform, both in Serbia and beyond, as well as an investigation into the abuse of its product, announced by Cellebrite,” the authors of the report wrote.
Amnesty International discovered evidence of the attack chain for the first time last year while investigating a separate incident outside of Serbia involving the same Android lock screen bypass. Authors of the Friday report wrote: