**Serbian Police Accused of Using Cellebrite Zero-Day Hack to Unlock Android Phones**
A recent revelation has shed light on the use of a zero-day exploit chain by Serbian authorities to unlock an Android phone and install spyware. The incident has sparked concerns about the potential misuse of powerful digital forensics tools.
Cellebrite, an Israeli company, is renowned for developing software used by law enforcement agencies, intelligence organizations, and private companies to extract data from smartphones and other digital devices. The company's tools often rely on zero-day exploits to access and extract data that is normally protected on locked phones.
According to Amnesty International's Security Lab, the exploitation chain was discovered in mid-2024 during forensic research on a device belonging to a student activist. The lab found that Serbian authorities had used an Android exploit chain developed by Cellebrite to unlock the phone and attempt to install spyware. This revelation has raised questions about the potential for abuse of such tools.
**The Role of Zero-Day Exploits**
Zero-day exploits take advantage of vulnerabilities in software or hardware that are not yet publicly known, which makes them difficult to defend against. In this case, Cellebrite's Android exploit chain targeted vulnerabilities in the Linux kernel USB drivers, which are also used in Android. The first flaw was patched in Google's February 2025 Android security updates, but two other flaws remain unpatched.
**Google's Response**
In response to the revelations, Google announced that it had blocked access to its tools for Serbia's security services, BIA. Following a report by Amnesty International, Google shared fixes with OEM partners on January 18th and assured users that the vulnerabilities would be listed in future Android Security Bulletins and that their fixes would be required by the Android Security Patch Level (SPL).
**Mitigating the Threat**
While the use of zero-day exploits is a serious concern, there are steps that users can take to mitigate the threat. Turning off USB debugging (ADB), setting the cable connectivity mode to "Charge Only," and enabling Full Disk Encryption (Settings → Security & privacy → More security & privacy → Encryption & credentials → Encrypt phone) can help prevent unauthorized access.
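
As an added example (not from the original article, Amnesty International, or Google), the Python script below checks a saved `getprop` dump against the three settings above and the February 2025 patch level mentioned earlier. The sample dump is constructed, and the mapping of `sys.usb.config` values to "Charge Only" is an assumption that can vary by vendor.

```python
import re
from datetime import date

# Constructed sample: `getprop` output saved from a test device (not from the article).
SAMPLE_GETPROP = """\
[ro.build.version.security_patch]: [2024-11-05]
[ro.crypto.state]: [encrypted]
[sys.usb.config]: [mtp,adb]
[init.svc.adbd]: [running]
"""

# The article says the first USB-driver flaw was fixed in the February 2025 Android
# security updates and two others were still unpatched, so this is only a floor.
MIN_PATCH_LEVEL = date(2025, 2, 1)
# Assumption: USB functions that expose a data interface to the connected host.
DATA_FUNCTIONS = {"mtp", "ptp", "rndis", "midi", "accessory", "audio_source"}

def parse_getprop(text):
    """Parse `[key]: [value]` lines into a dict, ignoring malformed lines."""
    props = {}
    for line in text.splitlines():
        m = re.fullmatch(r"\[([^\]]+)\]: \[(.*)\]", line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(props):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    usb = {f for f in props.get("sys.usb.config", "").split(",") if f and f != "none"}
    if "adb" in usb or props.get("init.svc.adbd") == "running":
        findings.append("USB debugging (ADB) is enabled")
    if usb & DATA_FUNCTIONS:
        findings.append("USB mode is not Charge Only: " + ",".join(sorted(usb & DATA_FUNCTIONS)))
    if props.get("ro.crypto.state") != "encrypted":
        findings.append("storage is not reported as encrypted")
    try:
        patch = date.fromisoformat(props.get("ro.build.version.security_patch", ""))
    except ValueError:
        patch = None  # a missing or malformed value is treated as a failure
    if patch is None or patch < MIN_PATCH_LEVEL:
        findings.append("security patch level is older than 2025-02-01 or unknown")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_getprop(SAMPLE_GETPROP)):
        print("FAIL:", finding)
```
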
**The Consequences of Abuse**
In recent months, Amnesty International has reported on cases of privacy rights abuse in Serbia. This latest incident highlights the need for greater accountability and transparency in the use of powerful digital forensics tools.
In conclusion, the use of a Cellebrite zero-day hack to unlock an Android phone by Serbian authorities raises serious concerns about the potential for abuse of powerful digital forensics tools. While there are steps that users can take to mitigate the threat, it is essential that law enforcement agencies and governments prioritize accountability and transparency in their use of such tools.
**Key Findings:**
* Cellebrite used an Android zero-day exploit chain to unlock an Android phone.
* The exploit chain was discovered by Amnesty International's Security Lab.
* Google has patched two zero-day flaws (CVE-2024-29745 and CVE-2024-29748) that were exploited in similar cases.
* Three vulnerabilities in the Linux kernel USB drivers, also used in Android, were identified as being exploitable with a zero-day exploit chain.
**What You Can Do:**
* Turn off USB debugging (ADB).
* Set the cable connectivity mode to "Charge Only."
* Enable Full Disk Encryption (Settings → Security & privacy → More security & privacy → Encryption & credentials → Encrypt phone).