News

Cellebrite halts use of its forensic tool in Serbia

UPDATE 28 February 2025:

Amnesty International’s Security Lab found one more case of abuse of Cellebrite’s tool on a phone of a student activist, who was held on 25 December after attempting to attend the SNS rally in Sava centar. More information and technical findings available at: https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/



The digital forensics tool is withdrawn from use by clients in Serbia, the company Cellebrite announced on February 25. The company conducted an internal investigation into the misuse of its products following a December 2024 report by Amnesty International (AI), which stated that the tool had been used in Serbia for unauthorized unlocking of phones belonging to civil activists and journalists.

According to the statement, Cellebrite made this decision in accordance with its ethics and integrity policies. The company emphasized that its products support “lawfully sanctioned investigations” and noted that these tools are not “spyware, surveillance or any other type of offensive cyber activity.” Cellebrite further clarified that it assesses the countries “both on an annual and ad hoc basis due to political and cultural shifts. We regularly track countries and review a multitude of indexes ranging from democratization to human rights to rule of law.”

Head of AI’s Security Lab, Donncha Ó Cearbhaill, stressed that withdrawing licences from customers who misused the equipment for political reasons is a critical first step. “Now, Serbian authorities must urgently conduct their own thorough and impartial investigations, hold those responsible to account, provide remedies to victims and establish adequate safeguards to prevent future abuse,” Ó Cearbhaill stated.

Forensic experts analysing the phones of journalists and activists in Serbia have reliably determined that the police and the Security Information Agency (BIA) used a new type of spyware, which Amnesty International called NoviSpy, in conjunction with the misuse of the highly sophisticated Cellebrite tool. At the time, BIA categorically rejected the claims in AI’s report, while the Ministry of Interior stated that the tool was used strictly in accordance with the law.

The Cellebrite UFED product package, developed for use by state investigative authorities, enables data extraction from mobile devices even without access to the passwords. The Norwegian Ministry of Foreign Affairs donated this digital forensic tool to Serbia’s Ministry of Interior through the United Nations Office for Project Services (UNOPS).

Amid near-daily protests across Serbia and armed police raids on civil society organisations, the misuse of spyware technology and digital surveillance of citizens poses an extremely high risk to human rights and advocacy for the public interest. The SHARE Foundation demands that the competent institutions immediately conduct investigations in line with the civil sector’s complaints.

Related content

SHARE has brought Google to Serbia

Any requests and objections which the citizens of Serbia may have regarding their personal data processed by Google, can now be resolved through the company’s representative in Serbia. Google, as one of the first tech-giants complying with the new Serbian law, wrote a letter to the Commissioner for Information of Public Importance and Personal Data Protection, […]

Open Letter: Serbian authorities must prosecute illegal hacking of journalists and activists

Today, 19 December, European Digital Rights (EDRi) and 50 organisations urge the European Union’s institutions to take action to stop the Serbian authorities’ illegal use of spyware to target journalists, activists, and members of civil society. On 16 December, Amnesty International released a report exposing widespread abuses by the Serbian police and Security Information Agency (BIA) through the use […]

BIRN Serbia journalists targeted with spyware

According to the findings by Amnesty International (AI), two investigative journalists of the online portal BIRN Serbia have been targeted by the Pegasus spyware, developed by the Israeli NSO Group. Jelena Veljković and another journalist who wished to remain anonymous received suspicious Viber messages on 14 February from the same unknown Serbian phone number. One […]