Unlock and load: officials caught using Israeli spyware to snoop on Android users


Governments may be using mobile forensic products from Cellebrite to hack high-profile targets and install spyware on their Android devices.

In February 2024, investigative journalist Slaviša Milanov was arrested and detained by Serbian law enforcement.

Milanov surrendered his Xiaomi Redmi Note 10S device to authorities. After questioning, he received his device back and noticed that it had been tampered with.

Following a thorough investigation, it was later identified that Serbian authorities had used a suite of mobile forensic products to unlock the journalist's phone and install a form of spyware called NoviSpy.

Similarly, Nikola Ristić, an environmental activist, had his device unlocked using Cellebrite products and subsequently infected with NoviSpy.

There were also other incidents in which high-profile targets were invited to speak with law enforcement only to find that their Android devices had been hacked and infected with spyware.

Cellebrite and NoviSpy infections

According to Amnesty International, law enforcement authorities are using mobile forensic products created by the Israeli company Cellebrite to illegally break into devices of high-profile targets.

In this case, Serbian authorities exploited zero-day vulnerabilities to gain full access to victims’ phones.

Cellebrite is an Israeli digital intelligence company that develops a range of products, including its universal forensics extraction device (UFED) suite used by law enforcement and governments.

This suite allows users to extract information from different devices, including recent Android models, without needing direct access.

Services created by Cellebrite are being used to exfiltrate data belonging to journalists, activists, and other individuals deemed worthy of surveillance.

Alongside the digital forensic suite, Serbian police and law enforcement authorities are also using a tailor-made spyware system known as NoviSpy to secretly infect targets' devices while they are being detained or during police interviews.

Although NoviSpy isn’t as powerful as its spyware sibling Pegasus, it's still an invasive method of surveillance that’s supposedly being abused by governments.

Pegasus found on seven devices

Multiple infections of the Israeli-made spyware Pegasus were recently found on different devices, sounding the alarm for modern mobile security.

Pegasus is an extremely sophisticated spyware tool developed by the Israeli NSO Group.

It exploits unknown vulnerabilities to target Android and iOS users and is sold exclusively to governments.

The mobile security platform iVerify uncovered seven Pegasus infections after 2,500 users scanned their devices. This rate of 2.5 infected devices per 1,000 scans is much higher than previously believed.

Interestingly, most of the discovered infections weren’t recent. One potential Pegasus infection was from late 2023 on iOS 16.6, another was carried out in November 2022 on iOS 15, and five older infections dated back to 2021 and 2022 across iOS 14 and 15.

While this might not seem like a lot, this number represents a “massive red flag in the world of mobile security.”

“It was hiding in plain sight, undetected by traditional endpoint security measures,” iVerify said.

Due to its invasive nature, the mobile surveillance tool is scrutinized by privacy and human rights proponents like Amnesty International. NSO Group is in a legal standoff with Apple and Meta.