#Cellebrite Android Zero-Day not 1 but 3 #ZeroDay by Amnesty International’s Security Lab and Google’s Threat Analysis Group

.. published POC exploit code for Android zero-day exploit chain to unlock the device of a student #activist in the country and attempt to install #spyware

.. all within #Linux kernel USB subsystems leveraged by Android, were marked as “under limited, targeted exploitation” in Google’s February 2025 Android security bulletin
https://securityonline.info/cellebrite-android-zero-day-exploit-poc-released-cve-2024-53104/

Android has patched 2 zero-days in this month's Android Security Bulletin

One of the fixes is a patch for a #Cellebrite exploit used by Serbian authorities to unlock the phones of journalists and anti-government protesters

The exploit and the hacks were first detailed in an @amnestytech report in February

There are no details on the 2. zero-day, which impacts the Android kernel USB-audio driver code
https://source.android.com/docs/security/bulletin/2025-04-01

@psuPete Recommends – Weekly highlights on cyber security issues, 3/8/25 https://www.bespacific.com/pete-recommends-weekly-highlights-on-cyber-security-issues-march-8-2025/
Four highlights from this week: 89% of enterprise #AI usage is invisible to the organization; The Digital Packrat Manifesto; #Cellebrite Is Using AI to Summarize #Chat Logs and #Audio from Seized #MobilePhones; and #Flock Threatens #OpenSource Developer #Mapping Its #Surveillance Cameras. #privacy #cybercrime

Эксплойт нулевого дня Cellebrite использовался для взлома телефона сербского студента-активиста.

Детальный разбор взлома пользовательского устройства с помощью Cellebrite через уязвимость в USB-драйверах Android.

#exploit #zeroday #hacking #android #cellebrite #serbia

https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/

Epizodu smo snimili dan nakon što je Apple, u kalendarskoj zimi, saopštenjima organizovao prolećni događaj. Dobili smo novi, manje skupi iPhone, nove iPad uređaje, Macove i čip.

[…]

https://sutra.rs/podcast/appleovo-prolece-nijesedesilo-epizoda-055/

#Cellebrite Is Using #AI to Summarize Chat Logs and Audio from Seized Mobile Phones

https://www.404media.co/cellebrite-is-using-ai-to-summarize-chat-logs-and-audio-from-seized-mobile-phones/

Headline: #Cellebrite Is Using AI to Summarize Chat Logs and Audio from Seized Mobile Phones

Subtitle: The proliferation of #AI through law enforcement tools already has civil liberties experts concerned. “When you have results from an AI, they are not transparent. Often you cannot trace back where a conclusion came from, or what information it is based on. AIs hallucinate," one said.

Source: https://www.404media.co/cellebrite-is-using-ai-to-summarize-chat-logs-and-audio-from-seized-mobile-phones/

#Cellebrite Is Using AI to Summarize Chat Logs & Audio from Seized Mobile Phones

Cellebrite the company which makes near ubiquitous phone #hacking & #forensics tech used by police officers…has introduced AI capabilities into its products, including summarizing chat logs/audio messages from #seized mobile phones

The introduction of #AI into a tool that essentially governs how #evidence against criminal defendants is analyzed already has #CivilLiberties experts concerned

https://www.404media.co/cellebrite-is-using-ai-to-summarize-chat-logs-and-audio-from-seized-mobile-phones/

#Cellebrite Is Using #AI to Summarize Chat Logs and Audio from Seized Mobile Phones

The proliferation of AI through law enforcement tools already has civil liberties experts concerned. “When you have results from an AI, they are not transparent. Often you cannot trace back where a conclusion came from, or what information it is based on. AIs hallucinate," one said
https://www.404media.co/cellebrite-is-using-ai-to-summarize-chat-logs-and-audio-from-seized-mobile-phones/ by @josephcox

Cellebrite's forensic tools were used in Serbia to exploit a student activist's Android phone via a zero-day vulnerability! Amnesty International discovered the attack. Key vulnerabilities: CVE-2024-53104, CVE-2024-53197, CVE-2024-50302. Stay safe & update your devices! More info: https://cyberinsider.com/serbia-used-cellebrite-zero-day-android-attack-on-student-activist/ #CyberSecurity #Privacy #Serbia #Cellebrite #Android #ZeroDay #AmnestyInternational #oldnewz

Ok, to be clear, I don't give a flying fuck about men who murder their wives.
But, I do give a shit about the cops being able to open any phone they want? Are there public documents available on when the gardai are allowed to do this? https://www.rte.ie/news/2025/0303/1499939-court-murder-dublin/

Cellebrite zero-day exploit used to target phone of Serbian student activist
#Cellebrite #CVE_2024_53104 #CVE_2024_53197 #CVE_2024_50302
https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/

Serbian student’s Android phone compromised by exploit from Cellebrite - Amnesty International on Friday said it determined that a zero-day exploit... - https://arstechnica.com/security/2025/02/android-0-day-sold-by-cellebrite-exploited-to-hack-serbian-students-phone/ #amnestyinternational #cellebrite #security #nsogroup #zerodays #android #biz&it

#Android 0-day sold by #Cellebrite exploited to #hack #Serbian student’s phone
#0day #security #privacy #surveillance

https://arstechnica.com/security/2025/02/android-0-day-sold-by-cellebrite-exploited-to-hack-serbian-students-phone/

Amnesty International’s Security Lab, in collaboration with Amnesty’s European Regional Office, has uncovered a new case of misuse of a #Cellebrite product to break into the phone of a youth activist in Serbia #0day

The attack closely matches the form of attack that we previously documented in a report, ‘A Digital Prison’, published in December 2024
https://securitylab.amnesty.org/latest/2025/02/cellebrite-zero-day-exploit-used-to-target-phone-of-serbian-student-activist/

#Cellebrite suspends #Serbia as customer after claims police used firm’s tech to plant #spyware

https://techcrunch.com/2025/02/26/cellebrite-suspends-serbia-as-customer-after-claims-police-used-firms-tech-to-plant-spyware/

#Cellebrite suspends #Serbia as customer after claims police used firm's tech to plant #spyware | TechCrunch

Cellebrite announced on Tuesday that it stopped Serbia from using its technology following allegations that Serbian police and intelligence used Cellebrite’s technology to unlock the #phones of a #journalist and an #activist , and then plant spyware.
#privacy #security

https://techcrunch.com/2025/02/26/cellebrite-suspends-serbia-as-customer-after-claims-police-used-firms-tech-to-plant-spyware/

El estado de la vigilancia - R3D 2025

informe donde la Red en Defensa de los Derechos Digitales #R3D recopila la evidencia que muestra que la vigilancia de comunicaciones en México continua fuera de control.

https://r3d.mx/wp-content/uploads/EDLV_2025.pdf