Serbian Student's Android Phone Compromised By Exploit From Cellebrite

An anonymous reader quotes a report from Ars Technica: Amnesty International on Friday said it determined that a zero-day exploit sold by controversial exploit vendor Cellebrite was used to compromise the phone of a Serbian student who had been critical of that country's government. [...] The chain exploited a series of vulnerabilities in device drivers the Linux kernel uses to support USB hardware. "This new case provides further evidence that the authorities in Serbia have continued their campaign of surveillance of civil society in the aftermath of our report, despite widespread calls for reform, from both inside Serbia and beyond, as well as an investigation into the misuse of its product, announced by Cellebrite," authors of the report wrote.

Amnesty International first discovered evidence of the attack chain last year while investigating a separate incident outside of Serbia involving the same Android lockscreen bypass. [...] The report said that one of the vulnerabilities, tracked as CVE-2024-53104, was patched earlier this month with the release of the February 2025 Android Security Bulletin. Two other vulnerabilities -- CVE-2024-53197 and CVE-2024-50302 -- have been patched upstream in the Linux kernel but have not yet been incorporated into Android. Forensic traces identified in Amnesty International's analysis of the compromised phone showed that the Serbian authorities tried to install an unknown application after the device had been unlocked. The report authors said the installation of apps on Cellebrite-compromised devices was consistent with earlier cases the group has uncovered in which spyware tracked as NoviSpy spyware were installed.

As part of the attack, the USB port of the targeted phone was connected to various peripherals during the initial stages. In later stages, the peripherals repeatedly connected to the phone so they could "disclose kernel memory and groom kernel memory as part of the exploitation." The people analyzing the phone said the peripherals were likely special-purpose devices that emulated video or sound devices connecting to the targeted device. The 23-year-old student who owned the phone regularly participates in the ongoing student protests in Belgrade. Any Android users who have yet to install the February patch batch should do so as soon as possible.

Re:

[Bradac_55]

Lay off the crack pipe dude, everyone knows BeauHD died years ago and this is just a bot posting.

Re:

[rossdee]

About 111 years ago people cared what happened in Serbia. It caused the Great War (later referred to as World War 1)

Yeah right, update your Android

[Uldis Segliņš]

I can not update my perfectly functioning phone hardwares software just because Google has not freed one from the other. And hardware manufacturers just don't care. Or the opposite - they care that I am pushed to buy new. Evil Google, free the Android OS, so we can install, upgrade or choose wherefrom to do that independently of OEMs! This is the same as recycling - blame the end user who can't separate the plastic packaging from other materials, when manufacturer should be held accountable with consequence

Re: Yeah right, update your Android

[commodore73]

Why would they care? Why would you expect them to care? You are just a consumer, and there is an almost infinite supply. Silly thoughts.

Re:Yeah right, update your Android

[phantomfive]

If your phone has a locked bootloader, then it's not a perfectly functioning phone.

And if you bought the phone knowing that, then you're just as dumb as every iPhone user out there.

Re:

[ArchieBunker]

And if you bought the phone knowing that, then you're just as dumb as every iPhone user out there.

My iPhone 8 (released in 2017) still gets occasional OS updates.

Re:

[ArchieBunker]

Sideloading work’s just fine. https://sideloadly.io/ [sideloadly.io]

But honestly I have never personally had the need. If it was a major concern of mine I would buy something really open like the Pine Phone. https://pine64.org/devices/pin... [pine64.org]

Re:

[phantomfive]

And there you are, just as predicted, bragging about it.

Re:

[Kitkoan]

Your iPhone was also available for sale untill 2022, and was dropped from support 2 years after that. I also noticed you said when it was released, not when you got it. I'm guessing you didn't get it then and so had a shorter support window. Too bad Apple didn't copy Google (again) with Google Play Security Updates, otherwise it would still be getting updates.

Re:

[thegarbz]

Thanks for your 2015 talking points. On the flip side Android has decoupled security from OS updates, so you very much can run an old Android OS patched to the latest security level, and virtually all manufacturers offer over 5 years of security updates these days .

Re:

[sg_oneill]

For all of apples faults, this is one advantage the IOS thing has (And I *believe* googles own pixel range are good for it. Probably samsung too, my 3 year old samsung tablet still seems to get updates) is that because Apple control their whole supply chain they SEEM to be good for updating phones for quite a few years. Sure there has been some *funky* shit in the past with them slowing down old phones, ostensibly for battery reasons but it'd be nice if it was optional, but you DO get those security updates

Re:

[Fuzi719]

You can't blame Google for what your phone manufacturer has done (or hasn't done). Google makes the Android OS available. Google's Pixel phones are updated monthly. The Play System is updated, as well, independantly. However, phone manufacturers take the Android OS and customize it, it becomes not the same as that provided by Google, so it is your phone manufacturer's responsibility to update it. If you want a phone that is updated regularly, buy a Pixel. Or, buy a phone with a bootloader that can be

Lesson learned.

[ChunderDownunder]

via Sir Keir, UK PM this week - if you don't want your government hacking you, use an iPhone.

Me? cheap Moto phone likely backdoored by both Chinese and my local franchise of the 5-Eyes, with a mixture of software from Google, Meta and Microsoft. Keep everyone happy. :)

Phones are not secure so stop wanting that.

[couchslug]

The idea phones are secure from nation-state threats is mostly wishful thinking. Unlike personal computers you do not truly control your phone making it an easy target.

The Taliban got wise and switched to sneakernetting USB fobs. Before personal computers Russian dissidents manually reproduced their materials (samizdat).