Russia Used Cellebrite Phone-Hacking Tool to Crack Down on Dissident After Firm Cut Off Country
Russian authorities used Cellebrite's UFED device to extract data from a dissident's phone three months after the company said it had stopped working with the country, raising questions about the firm's ability to control its surveillance technology.

Russian authorities used Cellebrite's phone data extraction technology to snoop on a dissident's device three months after the Israeli commercial surveillance company announced it would stop working with the country due to human rights concerns, according to a new report from Citizen Lab.
The continued use of Cellebrite's Universal Forensic Extraction Device (UFED) — in this case on the iPhone 12 of prominent Russian political activist Andrey Pivovarov — suggests the company has been unable to meaningfully pull back its technology from authoritarian government customers, said John Scott-Railton, a researcher at Citizen Lab. Pivovarov was detained by Russian authorities in May 2021, and his devices were seized shortly after. He was not asked for consent, nor did he provide passwords.
Citizen Lab determined with high confidence that Pivovarov's phone was broken into on or around June 17, 2021, just three months after Cellebrite said Russia could no longer use its product. Forensic analysis of MobileLockdown records from the phone showed USB connections to a device with a Host ID that Citizen Lab has previously attributed to Cellebrite. Court records later showed that multiple documents pulled from the phone were used to build a case against Pivovarov on charges of "carrying out the activities of an 'undesirable' organization."
The report highlights a fundamental design flaw in Cellebrite's technology: much of the functionality in the UFED product continues to operate long after updates cease, and the systems historically include an offline mode. "The way Cellebrite's technology was designed appeared to make it difficult for the company to meaningfully cut off problematic customers," the report concluded.
A Cellebrite executive emailed Recorded Future News a copy of a letter sent to Citizen Lab, stating that "any use of legacy Cellebrite hardware in Russia after March 2021 is entirely unauthorized." Chief marketing officer David Gee said the hardware previously sold would now be incompatible with modern devices and operates without technical support or legal sanction from Cellebrite. "Rapid technology advances render legacy digital forensic hardware and software ineffective within a short period of time," Gee said. "Russia remains permanently on our restricted-customer list."
Pivovarov was sentenced to four years in prison in July 2022 but was released in a 2023 prisoner exchange and now lives in exile in Germany. He remains afraid of being spied on and plans to write Cellebrite's CEO a letter asking why Russian authorities were able to use its UFED even after the firm said it exited the country. "I'm a little nervous that in the future it can continue," Pivovarov said. "It's very bad when such clever software is used for Putin's vision."
Citizen Lab has documented how authorities in repressive regimes like Serbia, Jordan, and Kenya have recently used Cellebrite to break into the phones of civil society members, raising questions about the company's commitment to stopping abuse. Scott-Railton warned that Cellebrite's planned rollout of new AI features will enable "even more efficient extraction of people's social graph." He urged the company to "stop selling to autocrats, remotely-disable their tech after credible reports of abuse, and end the era of plausible deniability by implementing cryptographically-signed watermarks on all imaged devices."
Citizen Lab's analysis of Pivovarov's phone and court documents reveals that the extracted data may have been used to surveil fellow dissident Anastasiya Burakova in a campaign linked to the FSB. The report highlights that Cellebrite's legacy UFED systems can operate offline and continue functioning after updates cease, making it difficult to cut off problematic customers. Cellebrite responded that any use of its hardware in Russia after March 2021 is unauthorized and that legacy tools would be ineffective on modern devices.