
Amnesty: Cellebrite zero-day exploit compromised a Serbian student’s Android phone by bypassing the lock screen


A recent Amnesty International investigation reveals a troubling escalation in state-linked surveillance, showing that a zero-day exploit sold by Cellebrite was used to compromise the phone of a Serbian student who had voiced criticism of the government. The findings come as Amnesty International reaffirmed concerns about Serbia’s broader pattern of spyware use against civil society, a practice it first highlighted in a December report. That earlier report accused Serbian authorities of deploying exploits from Cellebrite and NSO to tighten control and suppress dissent, prompting Cellebrite to suspend sales to “relevant customers” in Serbia in response. The new case underscores how these tools can increasingly reach activists and human rights defenders, even after public scrutiny and calls for reform.

This article provides a comprehensive look at what Amnesty International uncovered, the technical underpinnings of the attack, the security patch landscape, and the implications for civil society, policymakers, and everyday Android users. It also examines how the incident connects with prior reporting and what it means for the broader ecosystem of surveillance-as-a-service, where commercial firms market offensive cyber capabilities to government customers. The case at hand centers on a Serbian student who had been critical of authorities, whose Android device was compromised through an attack chain designed to bypass a fully patched Android lock screen by exploiting vulnerabilities in Linux kernel USB drivers. It also highlights the ongoing debates around accountability, the ethics of selling exploit chains, and the urgent need for robust security hygiene, especially for people operating in high-risk political environments.

Background: Surveillance, spyware, and the context in Serbia

Amnesty International’s December report framed a persistent pattern of surveillance and repression aimed at civil society in Serbia, raising concerns about the state’s use of commercial spyware tools to monitor and control activists, journalists, and opposition voices. The report specifically called out the use of exploits sold by Cellebrite and NSO, emphasizing that these tools enable operators to bypass digital defenses and obtain sensitive data, often with a level of sophistication that makes detection challenging. In response to those allegations, Cellebrite stated that it had suspended sales to relevant customers in Serbia, signaling at least a temporary pause in direct access to its proprietary capabilities for that market. This context is critical because it situates the new incident not as an isolated event but as part of a broader arc in which commercial spyware tools have permeated the surveillance landscape in Serbia and beyond.

A zero-day exploit, by definition, is a vulnerability that is unknown to vendors and the public at the moment it is weaponized, leaving devices unprotected until a patch is developed and deployed. The use of a zero-day exploit to compromise a mobile device carries especially dire implications for civil liberties, because it can operate covertly, often with physical access, and can unlock devices, retrieve data, or install additional surveillance payloads with relatively little user interaction. Amnesty International’s ongoing investigations seek to understand whether such exploit chains are part of a wider effort to suppress dissent and how authorities justify and deploy these tools within the framework of law, policy, or opportunistic measures. The Serbian student in question, described as someone who regularly participated in student protests in Belgrade, became a focal point in this narrative, illustrating how activists and their devices may become targets in real time.

The attack chain and the role of Cellebrite

The new incident uncovered by Amnesty International involves the sale and deployment of an attack chain by Cellebrite that can defeat the lock screen on fully patched Android devices. The chain leverages vulnerabilities in the Linux kernel’s USB drivers, the components that manage how the kernel communicates with USB hardware. By exploiting these vulnerabilities, Cellebrite’s customers with physical access to a locked Android device could bypass its lock screen and escalate privileges on the device. The reach of this attack is not limited to a single device or vendor: because the vulnerabilities lie in the Linux kernel’s core USB handling, the potential impact spans the broad range of devices that rely on USB and run Linux-based systems.

The Amnesty International report highlights that the vulnerability chain can be effective even on devices that have applied manufacturer or Android security patches, provided the attacker has physical access and the necessary exploit chain elements. The researchers noted that such a chain could enable disclosure of kernel memory and manipulation of kernel memory-handling routines as part of the exploitation sequence. The use of USB peripherals during the initial stages, and in later stages in which peripherals were repeatedly connected to the phone, appears to be part of the strategy to exfiltrate data or to deepen the compromise. The peripherals involved are described as likely specialized devices that emulate video or sound devices, enabling the attacker to interact with or mislead the targeted device during exploitation.

Forensic traces from the compromised phone indicated that the assailants attempted to install an unknown application after unlocking the device. This installation pattern aligns with earlier cases that Amnesty International has uncovered in which spyware—tracked as NoviSpy—was installed on Cellebrite-compromised devices. NoviSpy has surfaced in prior investigations described by the group as part of the broader toolkit used by some exploit sellers and their government customers. Taken together, these forensic insights suggest a multi-stage operation: initial compromise via a hardware-assisted chain, followed by post-exploit installation of a monitoring or spyware payload, and ongoing attempts to expand access within the device’s environment.

A patchwork of CVEs: What was known about the vulnerabilities

The vulnerabilities underpinning this chain were tracked as three CVEs, with separate patch pathways for the upstream Linux kernel and for Android’s integration of kernel fixes. CVE-2024-53104, which is linked to the Linux kernel USB driver stack, was addressed in the February 2025 Android Security Bulletin. This indicates that Google recognized the risk and coordinated a patch within Android’s security ecosystem, guiding device manufacturers and users to apply the fix through standard security channels. In parallel, two other related vulnerabilities, CVE-2024-53197 and CVE-2024-50302, had already been patched in the upstream Linux kernel. However, as of the time of Amnesty International’s report, these upstream patches had not yet been incorporated into Android’s own patch level, leaving a potential window of exposure for Android devices that had not yet received Android’s integration of these fixes.

From a risk-management perspective, the split patch status matters. While the Linux kernel community may have addressed these vulnerabilities, the Android ecosystem relies on a coordinated integration by device manufacturers and Google’s Android Security Bulletins to ensure that the patches reach end users. This separation can create latency between a vulnerability being fixed upstream and users receiving protections on their specific devices. The patch dynamics underscore the importance for users to monitor vendor advisories and Android security bulletins, and for policymakers and security advocates to call for faster, more reliable patch adoption across devices, particularly for devices used by civil society actors who may be targeted.

The new incident in depth: Technical details, forensic evidence, and implications

Amnesty International’s investigation centers on a new attack scenario in which Cellebrite’s exploit chain targeted a Serbian student’s Android device, bypassing a lock screen despite the device having received a February 2025 Android patch. This case adds to the documentary evidence of ongoing, state-associated surveillance strategies aimed at civil society, and it demonstrates how exploit sellers can deliver sophisticated chains that operate under the surface, even when patches exist. The basic questions around such exploits (how they are delivered, what their prerequisites are, and how they are detected) remain a critical focal point for human rights groups, security researchers, and policymakers trying to balance national security concerns with civil liberties.

The attack’s technical profile emphasizes several core aspects:

  • The chain’s reliance on Linux kernel USB driver vulnerabilities: By manipulating the way USB hardware is recognized and processed by the device’s kernel, attackers can achieve a foothold that bypasses the Android lock screen, enabling privileged access to the device’s stores of data.

  • The necessity (or at least the likelihood) of physical access: The description indicates that physical access to the device is part of the initial attack phase, with peripherals connected to the phone in the early stages and repeatedly in later stages. This physical access requirement raises important questions about the risk profile for activists traveling with mobile devices, as well as the need for secure device-handling practices in protest environments and while travelling.

  • The use of special-purpose peripherals: The narrative points to peripherals that emulate video or audio devices, suggesting that the attack chain employs hardware-based deception to facilitate exploitation. This aligns with broader concerns about how supply chains and hardware interfaces can be abused to subvert device protections.

  • Post-unlock app installation consistent with NoviSpy patterns: Forensic traces indicating that an unknown app was installed after the device was unlocked align with previously documented NoviSpy-related activity in Cellebrite-compromised devices. While the report does not claim a direct, exclusive correlation, the consistency of this pattern with prior NoviSpy activity strengthens the case for a continued modus operandi among certain exploit sellers and their customers.

  • Cross-device and cross-ecosystem implications: Because the exploited weaknesses lie in core USB handling—a fundamental interface used across many devices—the potential impact extends beyond a single phone model or even Android as a whole. While the report notes that there is no evidence that this particular chain targeted non-Android Linux devices, the theoretical risk to Linux computers and embedded Linux devices remains a concern for security professionals and device designers.

  • Patch status and future risk: The fact that CVE-2024-53104 is patched in the Android Security Bulletin while the other two CVEs have been patched upstream but not yet integrated into Android highlights a persistent risk window. It underscores the need for ongoing vigilance among users, defenders, and manufacturers to ensure that patches flow through the entire ecosystem rapidly and consistently.

A Google spokesperson acknowledged awareness of these vulnerabilities and exploitation risks ahead of the public reporting, stating that fixes had been developed and distributed to OEM partners via a partner advisory on January 18. The company noted that these CVEs would be included in future Android Security Bulletins and would be required for the corresponding Android Security Patch Level (SPL). The spokesperson also reinforced best security practices, advising users to update their devices as soon as security patches or software updates become available. This statement reflects a standard industry response that emphasizes patching as a critical line of defense, even as the realities of patch rollout and patch level enforcement continue to present challenges for users and device ecosystems alike.

The victim, a 23-year-old student who participated in ongoing Belgrade protests, did not exist in isolation from a broader human rights context. The incident highlights how political activism can intersect with cyber-surveillance capabilities, raising questions about the risks faced by participants in peaceful demonstrations and the extent to which state actors may deploy offensive tools to monitor, disrupt, or intimidate dissidents. Amnesty International’s findings contribute to a larger conversation about how to shield civil society in environments where state actors possess or seek access to powerful surveillance technologies.

Forensic narrative and investigative findings

  • The attack chain involved a sequence where a device was unlocked, after which a new application was installed, consistent with patterns associated with NoviSpy spyware. The timing and sequence of events align with earlier cases the organization has documented, reinforcing concerns about repeatable attack techniques used by Cellebrite customers.

  • The USB-based initial access strategy indicates a staged approach where the attacker leverages hardware connections to coax kernel-level access, enabling memory disclosure and exploitation of kernel memory structures. The description of peripherals acting as video or audio devices suggests that the attackers used specialized hardware to simulate legitimate device behavior, thereby evading some conventional detection vectors.

  • The broader implication for defense is clear: devices with hardware interfaces, when connected to third-party peripherals, may be at elevated risk of exploitation if the attacker can leverage kernel-level vulnerabilities through those interfaces. This reinforces the importance of hardware-level security controls and careful management of physical access to devices used in high-risk environments.
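The forensic pattern described above (a USB peripheral that claims a video or audio class and is reconnected repeatedly) is something a defender can triage from a kernel log. The following is an added example, not code from Amnesty International's report or from any project named on this page: it parses dmesg-style USB enumeration and `uvcvideo` binding messages and flags devices that present a video interface or re-enumerate in a burst. The log lines are constructed for the example, and the thresholds (60 seconds, more than two connects) are assumptions to tune per deployment.

```python
"""Triage of USB enumeration events from a dmesg-style kernel log.

Added example: the sample log below is constructed to mirror the pattern the
report describes (a peripheral presenting itself as a video device and
re-connecting several times). It is not evidence from the case.
"""
import re
from collections import defaultdict

# Constructed sample. "usb N-M: New USB device found ..." and
# "uvcvideo: Found UVC ..." follow the kernel's real message formats;
# the vendor/product ids are made up.
SAMPLE_LOG = """\
[  118.002] usb 1-2: New USB device found, idVendor=1111, idProduct=2222, bcdDevice= 1.00
[  118.003] usb 1-2: Product: Constructed benign accessory
[  120.411] usb 1-1: new high-speed USB device number 4 using xhci-hcd
[  120.560] usb 1-1: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
[  120.561] usb 1-1: Product: Constructed capture device
[  120.720] uvcvideo: Found UVC 1.00 device Constructed capture device (abcd:1234)
[  120.905] usb 1-1: USB disconnect, device number 4
[  121.160] usb 1-1: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
[  121.500] usb 1-1: USB disconnect, device number 5
[  122.010] usb 1-1: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
"""

RE_LINE = re.compile(r"^\[\s*(\d+\.\d+)\]\s*(.*)$")
RE_NEW = re.compile(r"usb (\S+): New USB device found, idVendor=([0-9a-f]{4}), idProduct=([0-9a-f]{4})")
RE_DISC = re.compile(r"usb (\S+): USB disconnect, device number (\d+)")
RE_UVC = re.compile(r"uvcvideo: Found UVC [\d.]+ device .*\(([0-9a-f]{4}):([0-9a-f]{4})\)")


def parse_events(log_text):
    """Turn log lines into (timestamp, kind, port, 'vid:pid') tuples.

    Disconnects are kept so the timeline can be reconstructed; triage below
    only needs connects and video-class bindings.
    """
    events = []
    for line in log_text.splitlines():
        m = RE_LINE.match(line)
        if not m:
            continue
        ts, msg = float(m.group(1)), m.group(2)
        if (n := RE_NEW.search(msg)):
            events.append((ts, "connect", n.group(1), f"{n.group(2)}:{n.group(3)}"))
        elif (d := RE_DISC.search(msg)):
            events.append((ts, "disconnect", d.group(1), None))
        elif (u := RE_UVC.search(msg)):
            events.append((ts, "video_class", None, f"{u.group(1)}:{u.group(2)}"))
    return events


def triage(events, window_s=60.0, max_connects=2):
    """Flag devices that bind as a video (UVC) device or that re-enumerate
    more than max_connects times within window_s seconds."""
    connects = defaultdict(list)   # 'vid:pid' -> connect timestamps
    video_class = set()            # ids seen binding to uvcvideo
    for ts, kind, _port, ident in events:
        if kind == "connect":
            connects[ident].append(ts)
        elif kind == "video_class":
            video_class.add(ident)

    findings = []
    for ident, stamps in sorted(connects.items()):
        reasons = []
        if ident in video_class:
            reasons.append("presents a video (UVC) interface")
        stamps.sort()
        # More than max_connects connects inside one sliding window.
        burst = any(stamps[i + max_connects] - stamps[i] <= window_s
                    for i in range(len(stamps) - max_connects))
        if burst:
            reasons.append(f"re-enumerated more than {max_connects} times within {window_s:g}s")
        if reasons:
            findings.append({"device": ident, "connects": len(stamps), "reasons": reasons})
    return findings


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for ts, kind, port, ident in evs:
        print(f"{ts:9.3f}  {kind:12s} {port or '-':6s} {ident or ''}")
    for f in triage(evs):
        print(f"FLAG {f['device']} ({f['connects']} connects): " + "; ".join(f["reasons"]))
```

On a real device the input would be `dmesg` output gathered after the fact; the benign accessory in the sample is never flagged because it connects once and never binds a video driver.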

Patch status, risk, and vendor responses

The vulnerability landscape in this incident reveals a multi-layered patch timeline:

  • CVE-2024-53104: Patched in the February 2025 Android Security Bulletin. This patch addresses the specific USB driver vulnerability leveraged in the chain and is a key mitigation for Android devices that have received the February 2025 patch level.

  • CVE-2024-53197 and CVE-2024-50302: Patched upstream in the Linux kernel, but not yet integrated into Android. This discrepancy creates a lag between Linux core fixes and Android-level protections, leaving some Android devices unprotected until Android’s own patch cycle catches up and device manufacturers push the updates.

  • Android patch dissemination: Google’s public stance emphasizes that patches have been developed and will be included in future Android Security Bulletins, underscoring the ongoing process of translating kernel-level fixes into end-user protections. The SPL (Security Patch Level) requirement ensures devices adhere to a minimum level of security, but achieving universal adoption remains a challenge due to manufacturer update cycles, device form factors, and user behavior.

  • OEM and device maker role: The effectiveness of any patch hinges on timely implementation by device makers and timely user updates. In practice, even when patches exist, users may remain unprotected if devices do not receive patches promptly or if users do not apply updates. This dynamic often creates a security gap that exploit sellers can attempt to exploit.

  • Broader security implications: The fact that the vulnerability chain could affect a wide range of devices, including Linux computers and embedded Linux devices, means that the risk is not confined to Android handsets alone. While the current case focuses on Android phones, the underlying kernel-level vulnerabilities could, in principle, translate to other Linux-based targets, reinforcing the need for defenders to consider cross-platform mitigations and threat modeling.

Impact on civil society, policy, and public discourse

Amnesty International’s investigation brings the discussion back to the human dimension of these technologies. The use of exploit chains by state-affiliated actors against activists and dissenters raises profound concerns about the balance between national security prerogatives and civil liberties. The Serbian context—where authorities have faced international scrutiny over surveillance practices—illustrates how governments may leverage commercially sold offensive tools to monitor, suppress, or disrupt civil society activities. The ongoing calls for reform, transparency, and accountability remain central to this narrative, as does the need for robust legal frameworks that can constrain misuse while allowing legitimate security research and law enforcement activities.

The report’s emphasis on the continued surveillance of civil society after prior inquiries signals that promises of reform may not be fully realized and that oversight mechanisms must be strengthened. It also highlights the role of independent organizations in uncovering and documenting sophisticated spyware deployments, providing a counterweight to state narratives and offering critical safety guidance to activists and other at-risk groups. In this context, the findings serve as a wake-up call for policymakers to consider how to regulate the sale and use of offensive cyber capabilities, and for technology providers to reinforce protective measures that render such exploits more difficult to deploy in real-world settings.

Practical guidance for users and defenders

  • Stay updated on patches: Ensure your Android device is configured to receive automatic updates and apply the February 2025 Android Security Bulletin and any subsequent patches as soon as they are released by the device maker or Google.

  • Be mindful of physical access risks: As with many high-risk exploits of this nature, physical access to a device significantly increases exposure. Exercise caution in environments where devices may be handled by others, particularly in protest settings or other high-threat contexts.

  • Verify patch levels across devices: If you manage multiple devices (in a group, organization, or family), verify patch levels and ensure devices align with recommended SPLs. The fragmentation of Android updates means some devices may lag behind. A proactive approach—checking patch levels, updating promptly, and maintaining a policy of regular security checks—helps reduce risk.

  • Consider defensive hardware practices: Given the role of USB-based attack chains, consider hardware controls for USB access in high-risk environments. Use USB port lockdowns, trusted peripherals, and device management policies to limit untrusted hardware interactions.

  • Monitor for NoviSpy indicators: While detection can be technically challenging, awareness of patterns associated with NoviSpy spyware and similar post-unlock installation behaviors can help in incident response and forensic investigations.

  • Maintain safe security hygiene: In addition to patching, follow best practices for device security, including screen lock configurations, encryption, trusted app sources, and routine reviews of installed applications.

  • Encourage responsible disclosure and accountability: Support ongoing efforts to improve transparency around spyware sales, the legality of surveillance tools, and the fairness of oversight mechanisms for vendors and government customers.
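The patch-timeline bullets earlier and the "verify patch levels across devices" guidance above both come down to one check: does each device's Android Security Patch Level meet the level at which the relevant fix shipped? The following is an added example, not code from the page's sources. It parses the output of Android's `getprop` (the property `ro.build.version.security_patch` is real; `adb -s <serial> shell getprop` would collect it) and reports which devices lag. The per-device outputs are constructed, and the required level of 2025-02-05 is an assumption: the page states only that CVE-2024-53104 was fixed in the February 2025 bulletin.

```python
"""Fleet check of Android Security Patch Level (SPL) against a required minimum.

Added example. The getprop excerpts are constructed; the property name
ro.build.version.security_patch is genuine and its value is YYYY-MM-DD.
"""
import re
from datetime import datetime

# Assumption: the page says only "February 2025 bulletin"; set the exact
# level your fleet must reach here.
REQUIRED_SPL = "2025-02-05"

# Constructed output of `adb -s <serial> shell getprop`, one entry per device.
SAMPLE_INVENTORY = {
    "phone-01": "[ro.build.version.release]: [15]\n"
                "[ro.build.version.security_patch]: [2025-02-05]\n",
    "phone-02": "[ro.build.version.release]: [14]\n"
                "[ro.build.version.security_patch]: [2024-12-01]\n",
    "phone-03": "[ro.build.version.release]: [13]\n",       # property missing
    "phone-04": "[ro.build.version.release]: [15]\n"
                "[ro.build.version.security_patch]: [2025-03-01]\n",
}

GETPROP_LINE = re.compile(r"^\[([^\]]+)\]: \[(.*)\]$")


def parse_getprop(text):
    """getprop prints one '[name]: [value]' pair per line."""
    props = {}
    for line in text.splitlines():
        m = GETPROP_LINE.match(line.strip())
        if m:
            props[m.group(1)] = m.group(2)
    return props


def parse_spl(value):
    """Return the SPL as a date, or None when absent or malformed."""
    try:
        return datetime.strptime(value, "%Y-%m-%d").date()
    except (TypeError, ValueError):
        return None


def assess_device(getprop_text, required=REQUIRED_SPL):
    """Classify one device as ok / lagging / unknown relative to `required`."""
    props = parse_getprop(getprop_text)
    spl = parse_spl(props.get("ro.build.version.security_patch"))
    need = parse_spl(required)
    if spl is None:
        # A device whose SPL cannot be read is treated as unverified, not as safe.
        return {"status": "unknown", "spl": None, "days_behind": None}
    behind = max(0, (need - spl).days)
    return {"status": "ok" if behind == 0 else "lagging",
            "spl": spl.isoformat(), "days_behind": behind}


def assess_fleet(inventory, required=REQUIRED_SPL):
    return {name: assess_device(text, required) for name, text in inventory.items()}


def needs_attention(report):
    """Names of devices that are not verifiably at the required level."""
    return sorted(name for name, r in report.items() if r["status"] != "ok")


if __name__ == "__main__":
    report = assess_fleet(SAMPLE_INVENTORY)
    for name, r in report.items():
        print(f"{name}: {r['status']:8s} spl={r['spl']} days_behind={r['days_behind']}")
    print("needs attention:", ", ".join(needs_attention(report)))
```

Treating an unreadable SPL as "unknown" rather than "ok" matters in practice: a device that reports nothing is exactly the one you cannot vouch for.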

Conclusion

The Amnesty International findings illuminate a troubling trajectory in which commercial exploit vendors like Cellebrite supply powerful attack chains used to compromise devices belonging to activists and critics of the state, even in contexts where patches exist. The Serbian case reinforces the concerns raised in December about the ongoing surveillance of civil society, and it highlights how the combination of physical access, hardware-assisted exploits, and a multi-stage deployment can undermine personal privacy and safety. The disclosure also clarifies the patch dynamics across Android and Linux, showing that while some vulnerabilities have been addressed, patch integration into Android remains uneven, creating a window of potential exposure for devices until all layers are updated.

The broader implication is clear: as surveillance tools become increasingly commodified, protecting civil society requires a combination of robust technical defenses, rapid patching, strong governance over the sale and use of offensive cyber capabilities, and vigilant, independent reporting that can illuminate abuses and drive reform. For individual users, this means staying current with security updates, practicing disciplined device hygiene, and recognizing the heightened risks associated with physical access to devices in sensitive political contexts. The ongoing work of human rights organizations, researchers, and policymakers will be essential to ensuring that the tools designed for legitimate security purposes are not repurposed to suppress democratic engagement or crack down on dissent.