
A 23-year-old Serbian youth activist had their Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device, according to a new report from Amnesty International.
“The Android phone of one student protester was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android USB drivers, developed by Cellebrite,” the international non-governmental organization said, adding that traces of the exploit were discovered in a separate case in mid-2024.

The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver. The flaw was patched in the Linux kernel in December 2024. It was subsequently addressed in Android earlier this month.
It is believed that CVE-2024-53104 was combined with two other flaws – CVE-2024-53197 and CVE-2024-50302 – both of which have been resolved in the Linux kernel. They are yet to be included in an Android Security Bulletin.
- CVE-2024-53197 (CVSS score: N/A) – An out-of-bounds access vulnerability for Extigy and Mbox devices
- CVE-2024-50302 (CVSS score: 5.5) – A use of an uninitialized resource vulnerability that could be used to leak kernel memory
“The exploit, which targeted Linux kernel USB drivers, enabled Cellebrite customers with physical access to a locked Android device to bypass an Android phone’s lock screen and gain privileged access on the device,” Amnesty said.
“This case highlights how real-world attackers are exploiting Android’s USB attack surface, taking advantage of the broad range of legacy USB kernel drivers supported in the Linux kernel.”
The activist, who has been given the name “Vedran” to protect their privacy, was taken to a police station and his phone confiscated on December 25, 2024, after he attended a student protest in Belgrade.

Amnesty’s analysis found that the exploit was used to unlock his Samsung Galaxy A32 and that the authorities attempted to install an unknown Android application. While the exact nature of the Android app remains unclear, the modus operandi is consistent with that of prior NoviSpy spyware infections reported in mid-December 2024.
Earlier this week, Cellebrite said its tools are not designed to facilitate any type of offensive cyber activity and that it works actively to curtail the misuse of its technology.
The Israeli company also said it will no longer allow Serbia to use its software, stating “we found it appropriate to stop the use of our products by the relevant customers at this time.”