What digital forensics tool was used by Russian authorities to hack into a prominent political opponent's phone?

Cellebrite's UFED phone hacking tool

What evidence was found on Pivovarov's phone indicating the use of UFED?

Forensic evidence including data extracted from WhatsApp and Telegram messages

Cellebrite's UFED Used by Russian Authorities on Opponent's Phone Despite Ban

Researchers found evidence that a Russian unit used Cellebrite's UFED tool to hack Andrey Pivovarov's iPhone, despite the company's claim of cutting ties with Putin's government agencies.

Cellebrite's digital forensics tools have been used by Russian authorities to hack into the phone of a prominent political opponent, despite the company claiming it had cut ties with Putin's government agencies. The case raises questions about whether Western tech companies can truly control how their tools are used once they're in the wild.

What Happened

A recent report by researchers at The Citizen Lab found evidence that a Russian government investigative unit used Cellebrite's phone hacking tool, UFED, to break into the iPhone of Andrey Pivovarov, a local human rights dissident and opposition politician. This happened in June 2021, three months after Cellebrite announced it would stop selling its technology to Russian government customers.

The Citizen Lab researchers were able to find forensic evidence on Pivovarov's phone that it had been hacked with UFED, including data extracted from WhatsApp and Telegram messages. The Russian authorities also searched the phone for political terms and the names of opposition figures, which included targets of alleged Russian government hacking campaigns.

Pivovarov was later sentenced to four years in prison before being freed in August 2024 as part of a prisoner exchange between Russia and Western countries that also freed Wall Street Journal reporter Evan Gershkovich.

Background and Context

Cellebrite is an Israeli digital forensics company that provides tools for law enforcement agencies, enterprises, and service providers to collect, review, analyze, and manage digital data. The company's flagship product series is the Cellebrite UFED, which includes phone hacking tools.

In 2021, Cellebrite announced it would stop selling its solutions and services to customers in Russian Federation and Belarus, citing compliance policies and international rules and regulations. However, it appears that this decision did not prevent Russian authorities from using Cellebrite's tools to hack into Pivovarov's phone.

Cellebrite has faced criticism for its role in providing surveillance technology to governments with questionable human rights records. The company has cut ties with several countries, including Bangladesh, China, and Hong Kong, following reports of abuse.

Why It Matters

The case highlights the challenges that tech companies face when their tools are used by governments or other entities for malicious purposes. Cellebrite's decision to stop selling its technology to Russian government customers did not prevent its tools from being used in this way, raising questions about the effectiveness of such measures.

This issue is particularly relevant to the adult industry, where companies often rely on digital forensics tools to investigate and prosecute cases. The use of such tools by governments or other entities with questionable human rights records can have serious implications for the industry as a whole.

What Comes Next

The case has sparked calls for Cellebrite to take further action to prevent its tools from being used in this way. Researchers at The Citizen Lab have suggested that Cellebrite should remotely disable deployments following credible reports of abuse, and implement cryptographically-signed watermarks on all imaged devices.

Cellebrite's response to the allegations has been limited, with a spokesperson stating that the company stopped selling its solutions and services to Russian government customers in March 2021, terminating existing licenses and immediately beginning to unwind all legal contracts. However, it remains unclear why Cellebrite's tools were still used by Russian authorities in this case.

Key Facts

Cellebrite announced in 2021 that it would stop selling its solutions and services to customers in Russian Federation and Belarus.
The company claimed it had terminated existing licenses and immediately begun unwinding all legal contracts with Russian government customers.
Despite this, researchers at The Citizen Lab found evidence that a Russian government investigative unit used Cellebrite's phone hacking tool, UFED, to break into the iPhone of Andrey Pivovarov in June 2021.
The use of Cellebrite's tools by Russian authorities raises questions about the effectiveness of measures taken by tech companies to prevent their tools from being used for malicious purposes.
Cellebrite has faced criticism for its role in providing surveillance technology to governments with questionable human rights records.
The case highlights the challenges that tech companies face when their tools are used by governments or other entities for malicious purposes.