Donncha Ó Cearbhaill
Feb 28, 7 tweets, 3 min read
🚨 UPDATE YOUR DEVICES 🚨: Amnesty International uncovers sophisticated zero-day exploit affecting billions of Android devices.

Cellebrite's Linux USB exploit was used to unlock the phone of a Serbian youth activist, targeted in December 2024 **after** previous reports of abuses
Our team at the Security Lab saw this Linux kernel USB exploit chain used against multiple people since mid-2024.

We shared traces of the exploit with Google's Threat Analysis Group, allowing for the identification of at least three zero-day vulnerabilities

securitylab.amnesty.org/latest/2025/02…
The USB exploit chain targets mainline Linux kernel drivers, potentially affecting devices across all Android vendors.

At least five different USB device types were used as part of the exploitation process. More exploit details are shared in our blog post
Cases like this show how real-world attackers are exploiting the latest mobile devices.

Android vendors should urgently implement security mitigations to limit the large attack surface exposed to malicious USB devices connected to a locked Android phone.

grapheneos.org/features#usb-c…
This work would not be possible without the trust of the targeted student activist, and close collaboration with Google TAG, partners across Serbian civil society and many @Amnesty colleagues

@benoitsevens @BIRNSrbija @ShareConference @Jelena_Sesar @ruairin
Earlier this week @Cellebrite announced that they were suspending Serbian customers following these repeated reports of misuse. This action is an important first step to limit ongoing harm from their products

Our partners at @BIRNSrbija have an excellent piece today featuring the student activist targeted in this case. See the human impact that these invasive tools can have alongside other oppressive tactics and intimidation

Highly recommend reading

More from @DonnchaC

Dec 16, 2024
🚨 BREAKING: Amnesty’s latest report on digital surveillance in Serbia: new *NoviSpy* spyware discovered; zero days identified and patched; and first evidence showing use of Cellebrite UFED forensic products to unlock phones to then infect with spyware. 🧵
1/ In February 2024, during a supposedly routine police traffic stop, Serbian journalist Slaviša Milanov had his phone unlocked with Cellebrite and covertly hacked and infected with the *NoviSpy* spyware by Serbian authorities

securitylab.amnesty.org/latest/2024/12…
2/ Our forensic investigation found a pattern where Cellebrite zero-day exploits were used to first bypass Android device lock screens and encryption before infection. Cellebrite UFED has also been used widely to extract data from phones of youth activists and protestors
Sep 14, 2023
Bombshell new report today from Haaretz (@omerbenj) about the spyware industry’s continued efforts to subvert our collective cyber-security, now by turning already invasive ad networks into spyware infection vectors.

haaretz.com/israel-news/20…
haaretz.com/israel-news/20…
Ad-network powered spyware infection is enabled by combining tactics from the targeted digital advertising ecosystem and the mercenary spyware industry; two industries whose business models are inherently incompatible with the right to privacy.
This is a dangerous new development that adds a new zero-click threat to an arsenal of spyware tactics which are almost impossible for targeted individuals to identify or protect themselves against.
