Cellebrite Zero-Day Exploit Used to Hack Serbian Activist's Android Phone

Amnesty International reports Serbian authorities used Cellebrite tools to bypass Android security and install spyware on a student's phone, exposing vulnerabilities affecting over a billion devices.

Amnesty International uncovered a zero-day exploit chain sold by Cellebrite, used by Serbian authorities to unlock and compromise a student activist's Android phone.
The exploit chain targeted vulnerabilities in the Linux USB kernel, which supports Android devices, potentially impacting over a billion users worldwide.
Google patched one of the three identified flaws (CVE-2024-53104) in its February 2025 Android security updates, but two vulnerabilities remain unaddressed for many devices.
Cellebrite announced it had blocked Serbian authorities from using its tools following allegations of misuse detailed in Amnesty's December 2024 report.
Digital rights organizations warn about the broader implications of such tools, urging activists and journalists to adopt stronger security measures to protect against similar attacks.