Cellebrite halts use of its forensic tool in Serbia

UPDATE 28 February 2025:

Amnesty International’s Security Lab found one more case of abuse of Cellebrite’s tool on a phone of a student activist, who was held on 25 December after attempting to attend the SNS rally in Sava centar. More information and technical findings available at: https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/

The digital forensics tool is withdrawn from use by clients in Serbia, the company Cellebrite announced on February 25. The company conducted an internal investigation into the misuse of its products following a December 2024 report by Amnesty International (AI), which stated that the tool had been used in Serbia for unauthorized unlocking of phones belonging to civil activists and journalists.

According to the statement, Cellebrite made this decision in accordance with its ethics and integrity policies. The company emphasized that its products support “lawfully sanctioned investigations” and noted that these tools are not “spyware, surveillance or any other type of offensive cyber activity.” Cellebrite further clarified that it assesses the countries “both on an annual and ad hoc basis due to political and cultural shifts. We regularly track countries and review a multitude of indexes ranging from democratization to human rights to rule of law.”

Head of AI’s Security Lab, Donncha Ó Cearbhaill, stressed that withdrawing licences from customers who misused the equipment for political reasons is a critical first step. “Now, Serbian authorities must urgently conduct their own thorough and impartial investigations, hold those responsible to account, provide remedies to victims and establish adequate safeguards to prevent future abuse,” Ó Cearbhaill stated.

Forensic experts analysing the phones of journalists and activists in Serbia have reliably determined that the police and the Security Information Agency (BIA) used a new type of spyware, which Amnesty International called NoviSpy, in conjunction with the misuse of the highly sophisticated Cellebrite tool. At the time, BIA categorically rejected the claims in AI’s report, while the Ministry of Interior stated that the tool was used strictly in accordance with the law.

The Cellebrite UFED product package, developed for use by state investigative authorities, enables data extraction from mobile devices even without access to the passwords. The Norwegian Ministry of Foreign Affairs donated this digital forensic tool to Serbia’s Ministry of Interior through the United Nations Office for Project Services (UNOPS).

Amid near-daily protests across Serbia and armed police raids on civil society organisations, the misuse of spyware technology and digital surveillance of citizens poses an extremely high risk to human rights and advocacy for the public interest. The SHARE Foundation demands that the competent institutions immediately conduct investigations in line with the civil sector’s complaints.