According to a new report from Amnesty International, the 23-year-old Serbian youth activist had an Android phone targeting a zero-day exploit developed by Celebrity to unlock devices.
“One student protester’s Android phone was exploited and unlocked by a sophisticated zero-day exploit chain targeting Android USB drivers developed by Cellebrite,” the international non-governmental organization said, noting that traces of the exploit were discovered in another case in mid-2024.
The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8) and is a case of privilege escalation of kernel components known as USB video class (UVC) drivers. The defective patch was addressed in the Linux kernel in December 2024. It was then dealt with it on Android earlier this month.
CVE-2024-53104 is believed to have been combined with two other defects, CVE-2024-53197 and CVE-2024-50302. Both of these are resolved in the Linux kernel. They are not included in Android Security Breaking News yet.
CVE-2024-53197 (CVSS score: N/A) – Access vulnerabilities in existing and MBOX devices.
“Targeting the Linux Kernel USB driver, Exploit now allows Cellebrite customers to bypass the lock screen of their Android phones to gain privileged access to their devices,” says Amnesty.
“This case draws on the wide range of legacy USB kernel drivers supported by the Linux kernel, highlighting how real-world attackers are leveraging the USB attack surface of Android.”
The activist, given the name “Vedran” to protect his privacy, was taken to a police station confiscated on December 25, 2024 after attending a student protest in Belgrade.
Amnesty analysis revealed that the exploit was used to unlock the Samsung Galaxy A32, and authorities tried to install an unknown Android application. The exact nature of the Android app remains unknown, but it coincides with previous Novispy Spyware infection modalities reported in mid-December 2024.
Earlier this week, Cellebrite said its tool is not designed to promote any kind of offensive cyber activity and will work proactively to reduce the misuse of its technology.
The Israeli company also said it would no longer allow Serbia to use the software, saying it “we have determined that at this time it is appropriate to cease use of the product by related customers.”
Source link
