Police in Serbia are using mobile device hacking tools to break into the phones of activists and journalists and then installing spyware to track them, Amnesty International warns in a report. The organization says the state uses tools built by Israeli company Cellebrite, which are intended to help law enforcement unlock devices for forensic purposes.
Amnesty International calls for the Serbian government to end these surveillance practices:
Serbian authorities must stop using highly invasive spyware and provide effective remedy to victims of unlawful targeted surveillance and hold those responsible for the violations to account. Cellebrite and other digital forensic companies also must conduct adequate due diligence to ensure that their products are not used in a way which contributes to human rights abuses.
Amnesty International gathered various accounts of Serbian authorities processing the phones of civil society members, who were detained under various premises, with additional procedures (such as drug testing and psych evaluations) that added extra time to the length of detention, and therefore the total amount of time the authorities had access to their phones. During this time, police would plant “Novispy” — a spyware program that is likely state-developed — on their phones. Some devices were broken into using a (since-patched) Qualcomm vulnerability, Amnesty International explains in the document.
One case reported by 404 Media mentions Serbian news outlet FAR’s deputy editor, Slaviša Milanov, and the editor-in-chief were driving together when they were stopped by Serbian authorities, who detained them and confiscated their phones. When the phones were returned, they noticed changes, like data and Wi-Fi being toggled off and apps using a lot of energy.
Milanov says his Android device, a Xiaomi Redmi Note 10S, was running extra software when he got it back and that the police had extracted 1.6GB of data even though he had not given up his password.
Cellebrite senior director Victor Cooper responded to questions from Amnesty International, saying the company’s products “are licensed strictly for lawful use” that requires a warrant or a legally-sanctioned investigation per the end user agreement. Cooper also told 404 Media that Cellebrite is investigating the “alleged misuse” of their technology and is “prepared to impose appropriate sanctions” with any relevant agencies.
