Serbian authorities have taken a troubling step in using forensic tools like Cellebrite to unlock smartphones and install spyware, marking a concerning precedent for surveillance practices globally. Amnesty International’s new report documents the first known instances where Cellebrite tools were allegedly used to facilitate spyware infections, targeting journalist Slaviša Milanov and youth activist Nikola Ristić earlier this year.
Spyware abuse by governments is not new, but these cases in Serbia highlight an alarming evolution in its deployment. In recent years, spyware from vendors like NSO Group and Intellexa has been used to target journalists, activists, and political dissidents. However, the increasing cost and complexity of zero-day exploits have forced authorities to revert to older, less sophisticated methods, such as physically accessing devices.
In Serbia, this involved using Cellebrite tools to extract data and install a novel spyware dubbed “NoviSpy” by Amnesty researchers. Unlike previous remote spyware deployments, this approach required authorities to physically detain targets, seize their phones, and secretly tamper with them—a disturbing resurgence of direct intrusion tactics.
The Serbian Cases: Milanov and Ristić
Journalist Slaviša Milanov was stopped by police in February 2024 for what appeared to be a routine traffic check. He was taken to a police station, where his Android phone, a Xiaomi Redmi Note 10S, was confiscated. Upon its return, Milanov noticed unusual activity: his mobile data and Wi-Fi had been turned off, and app usage tracking revealed that several apps, including Settings, Security, and Google Play Store, had been accessed during the time his phone was out of his possession.
Through forensic analysis, Amnesty discovered that Milanov’s phone had been unlocked using Cellebrite and infected with NoviSpy. Similar findings emerged in the case of activist Nikola Ristić, suggesting a systematic effort to surveil Serbian civil society.
The Origins and Purpose of NoviSpy
Amnesty’s investigation linked NoviSpy’s development and deployment to Serbia’s Security Information Agency (BIA). NoviSpy was designed to covertly extract data, monitor communications, and provide remote access to infected devices. Serbian language strings in the code and the spyware’s communication with servers hosted within an IP range associated with the BIA strengthened this attribution.
Notably, Amnesty traced NoviSpy’s connection to a specific IP address, 195.178.51.251, which Citizen Lab had previously tied to the BIA in 2015. Further, leaked emails from the now-defunct spyware vendor Hacking Team revealed that a BIA agent had sought spyware demos as early as 2012, suggesting Serbia’s long-standing interest in such technologies.
Systematic Targeting of Civil Society
Amnesty analyzed devices from two dozen Serbian activists and journalists, uncovering widespread NoviSpy infections. Operational security mistakes by the BIA revealed that more than 20 individuals had likely been targeted in just one month, and NoviSpy’s version history suggested its use dates back to at least 2018.
The spyware’s deployment appears to be part of a broader strategy to suppress dissent, with arrests and detentions orchestrated to facilitate covert phone access. Amnesty’s discovery of a Qualcomm chipset exploit, also used against an activist’s phone, underscores the sophistication of Serbia’s surveillance operations. Qualcomm patched the vulnerability following Amnesty’s disclosure.
Cellebrite, a leading provider of phone-unlocking tools, has come under scrutiny for its role in these cases. While the company denies its tools can install malware, it acknowledged the potential for misuse by third parties. Amnesty’s findings challenge this claim, highlighting how Cellebrite’s technology facilitated spyware installation.
Cellebrite’s spokesperson, Victor Cooper, stated that the company would investigate Serbia’s alleged breach of its end-user agreement and reconsider its business with the country if violations are confirmed. Cellebrite currently operates in over 100 countries, including those with questionable human rights records, raising concerns about the broader implications of its technology.
The Serbian cases echo surveillance methods of the early 2000s, when spyware was physically installed on targets’ devices. For example, the FBI planted keylogging software on mobster Nicodemo Scarfo’s computer in 2001. Similarly, early spyware by Hacking Team relied on USB drives and CDs for deployment.
As advanced spyware becomes costlier and harder to develop, governments appear to be reverting to physical access methods to hack devices. This troubling trend, combined with modern forensic tools like Cellebrite, poses new threats to privacy and civil liberties worldwide.
Amnesty’s findings in Serbia expose a chilling reality: sophisticated spyware, once deployed remotely, is now being planted physically with the aid of forensic tools like Cellebrite. The cases of Milanov and Ristić highlight how governments are weaponizing technology to suppress dissent and monitor civil society.
With surveillance tools becoming more accessible to authorities globally, these developments serve as a stark reminder of the urgent need for stronger regulations, transparency, and accountability to protect individuals from invasive state surveillance.