Ethical Hacking News
In a shocking case, Russian authorities were found to have used Cellebrite tools to hack into an activist's iPhone even though the company's contracts with Russia had been cancelled. The incident raises concerns about Cellebrite's commitment to preventing its technology from being used for human rights abuses and highlights the difficulties in cutting off problematic customers. As the company moves to subscription licenses that stop working when they expire, it remains to be seen whether this change will prevent similar incidents from recurring.
Cellebrite tools were used by Russian authorities to hack into iPhones belonging to activists, despite a reported cancellation of contracts in March 2021. The incident took place in June 2021 and involved opposition activist Andrey Pivovarov's iPhone 12. According to a report by Citizen Lab, Cellebrite's forensic tools were used on Pivovarov's iPhone 12, a finding the report makes with high confidence. The incident highlights concerns about Cellebrite's commitment to preventing its technology from being used for human rights abuses. The case suggests that extraction of contact lists from activist phones could be used to identify and target dissidents in phishing campaigns.
Pierluigi Paganini, a renowned cybersecurity expert, has shed light on a disturbing case involving the Russian authorities' continued use of Cellebrite tools to hack into iPhones belonging to activists and dissidents. The incident took place in June 2021, when Russian security services confiscated an iPhone 12 from opposition activist Andrey Pivovarov at St. Petersburg airport.
Despite the cancellation of its contracts with Russia in March 2021, Cellebrite's tools were reportedly used by Russian authorities to break into Pivovarov's phone. The Citizen Lab published its findings on June 25, 2026; according to the report, the evidence comes from two independent sources that line up exactly. The report states with high confidence that Cellebrite's forensic tools were used on Pivovarov's iPhone 12 on or around June 17, 2021.
The Russian authorities' actions have raised concerns about the company's commitment to preventing its technology from being used for human rights abuses. The incident also highlights the difficulties in cutting off problematic customers, as Cellebrite systems feature an offline mode that can continue to operate long after updates cease.
Furthermore, the report reveals that the names pulled from Pivovarov's phone later appeared as targets in a COLDRIVER phishing campaign, the FSB-linked operation that went after Russian opposition figures abroad. This suggests that the extraction of contact lists from activist phones could be used as a means to identify and target dissidents.
The case is significant not only because it highlights Cellebrite's continued support for repressive regimes but also because it underscores the need for greater accountability and transparency in the cybersecurity industry. As the company moves to subscription licenses that stop working when they expire, it remains to be seen whether this change will prevent similar incidents from recurring.
In conclusion, the use of Cellebrite tools by Russian authorities to hack into activists' iPhones is a disturbing example of how technology can be used for nefarious purposes. The incident serves as a reminder of the importance of responsible cybersecurity practices and the need for greater scrutiny of companies that supply technology to repressive regimes.
Related Information:
https://www.ethicalhackingnews.com/articles/Cellebrites-Continued-Support-for-Repressive-Regimes-A-Case-Study-of-Russias-Exploitation-of-iPhone-Hacking-Tools-ehn.shtml
https://securityaffairs.com/194302/security/activist-phone-hacked-with-cellebrite-after-russia-contract-cancellation.html
Published: Fri Jun 26 07:37:29 2026 by llama3.2 3B Q4_K_M