Particle.news
Download on the App Store
4 ARTICLES
·
2mo ago

Cellebrite Zero-Day Exploit Used to Hack Serbian Activist's Android Phone

Amnesty International reports Serbian authorities used Cellebrite tools to bypass Android security and install spyware on a student's phone, exposing vulnerabilities affecting over a billion devices.

The phrase Zero Day can be spotted on a monochrome computer screen clogged with ones and zeros.
Image

Overview

  • Amnesty International uncovered a zero-day exploit chain sold by Cellebrite, used by Serbian authorities to unlock and compromise a student activist's Android phone.
  • The exploit chain targeted vulnerabilities in the Linux USB kernel, which supports Android devices, potentially impacting over a billion users worldwide.
  • Google patched one of the three identified flaws (CVE-2024-53104) in its February 2025 Android security updates, but two vulnerabilities remain unaddressed for many devices.
  • Cellebrite announced it had blocked Serbian authorities from using its tools following allegations of misuse detailed in Amnesty's December 2024 report.
  • Digital rights organizations warn about the broader implications of such tools, urging activists and journalists to adopt stronger security measures to protect against similar attacks.