According to a recent report from Amnesty International, a 23-year-old Bosnian youth activist was the victim of a zero-day abuse created by Cellebrite to uncover the device.
According to the global non-governmental organization,” a complex zero-day exploit chain targeting Android USB drivers was used to exploit and unlock one student protester’s Android phone,” the exploitation was followed by a separate case in mid-2024, according to the worldwide non-governmental organization.
( CVSS score: 7.8), a case of privilege escalation in a kernel component known as the USB Video Class ( UVC ) driver, is the vulnerability in question. In December 2024, a piece for the bug was released for the Linux seed. It was later addressed in Android earlier this month.
It’s believed that CVE-2024-53104 was combined with two different defects – CVE-2024-53197 and CVE-2024-50302 – both of which have been resolved in the Linux seed. An Android Security Bulletin has yet to include them.
- CVE-2024-53197 ( CVSS score: N/A )- Extigy and Mbox devices have an out-of-bounds access vulnerability.
- ( CVSS score: 5.5 )- A vulnerability in the kernel memory that can be used to leak core memory.
The exploit, which targeted Linux kernel USB vehicles, gave Cellebrite consumers access to a locked Android device with physical access to pass the device’s lock screen and get wealthy exposure, according to Amnesty International.
” This case highlights how legitimate adversaries are exploiting the wide range of legacy USB core drivers that the Linux kernel supports,” according to the article.
After attending a student protest in Belgrade on December 25, 2024, the activist was taken to a police station and his phone taken. He was given the name” Vedran” to protect their privacy.
According to Amnesty’s analysis, the authorities attempted to fit an unidentified Android app while the victim was using the exploit to unlock his Samsung Galaxy A32. The Android app’s specific essence is still a mystery, but the operating system follows the same pattern as previous infections that were discovered in the middle of December of 2024.
Cellebrite stated earlier this week that its tools are not intended to facilitate any kind of unpleasant cyber activity and that it is constantly working to stop the misuse of its technology.
The Israeli business added that it will no longer permit Serbia to use its application, stating that it was appropriate to” halt the use of our products by the appropriate customers at this time.”