Android Flaws Discovered: Student Phone Hacked

February 28, 2025
Android Vulnerabilities Exploited by Forensic Tools

Amnesty International has revealed that security weaknesses within the Android operating system have been addressed by Google. These previously unknown flaws permitted authorities to gain access to mobile phones utilizing forensic technologies.

Discovery of Zero-Day Vulnerabilities

A report published by Amnesty International on Friday detailed a chain of three zero-day vulnerabilities. The exploits for them were developed by Cellebrite, a company specializing in phone unlocking, and were identified during an investigation into the hacking of a student protester’s phone in Serbia.

The vulnerabilities reside in the Linux kernel's USB code, a core component of Android. This means the issue isn’t confined to specific devices or manufacturers and could affect over a billion Android devices globally, as stated in the report.

Understanding Zero-Day Exploits

Zero-days are security flaws in software or hardware that are unknown to the product's makers at the time they are found. Because no fix exists yet, malicious actors, including criminals and government entities, can compromise systems more effectively.

Collaboration with Google

Amnesty International initially detected indications of one of these vulnerabilities in mid-2024. Subsequently, after examining the compromise of a student activist’s phone in Serbia last year, the organization shared its findings with Google’s Threat Analysis Group. This collaboration prompted Google researchers to pinpoint and rectify the three distinct flaws.

The investigation into the activist’s phone revealed a USB exploit, which allowed Serbian authorities using Cellebrite tools to unlock the device.

Cellebrite's Response

Victor Cooper, a spokesperson for Cellebrite, directed inquiries to a statement the company released earlier this week.

In December, Amnesty International reported instances of Serbian authorities utilizing Cellebrite forensic tools to unlock the phones of both an activist and a journalist. Following this, the NoviSpy Android spyware was reportedly installed on these devices. Cellebrite subsequently announced the suspension of service to its Serbian customer in response to the allegations of misuse.

“Following a review of the allegations presented in the December 2024 Amnesty International report, Cellebrite undertook a thorough investigation of each claim, adhering to our ethical and integrity policies. We determined it was appropriate to halt the use of our products by the customer in question at this time,” Cellebrite stated.

Further Investigation in Serbia

Amnesty International was contacted in January to analyze the device of a youth activist arrested by the Serbian Security Information Agency (Bezbednosno-informativna agencija or BIA) late last year.

“The details surrounding his arrest, and the conduct of the BIA officers, closely mirrored the tactics employed against protesters, as documented in our December report. A forensic examination of the device in January confirmed the use of Cellebrite on the student activist’s phone,” Amnesty International explained.

Similar to previous cases, authorities utilized a Cellebrite device to unlock the activist’s Samsung A32 phone “without their knowledge or consent, and outside the bounds of a lawful investigation,” according to Amnesty.

Human Rights Concerns

“The commonplace application of Cellebrite software against individuals exercising their rights to freedom of expression and peaceful assembly cannot be considered a legitimate objective,” Amnesty International asserted, “and therefore constitutes a violation of human rights law.”

Recommendations for At-Risk Individuals

Bill Marczak, a senior researcher at Citizen Lab, a digital rights organization focused on spyware research, suggested on X (formerly Twitter) that activists, journalists, and civil society members “who may have their phones seized by authorities (during protests, at borders, etc.) should consider switching to iPhone” due to these vulnerabilities.

Donncha Ó Cearbhaill, head of Amnesty’s Security Lab, conveyed to TechCrunch that “the widespread availability of such tools leads me to believe that we are only beginning to understand the extent of the harm caused by these products.”

Google has not yet issued a response to a request for comment.
