A groundbreaking investigation by Amnesty International has revealed a sophisticated surveillance operation in Serbia, combining two invasive technologies to target journalists and activists. The operation involved Cellebrite’s phone unlocking tools and a previously unknown spyware called NoviSpy.
The Attack Strategy
The surveillance campaign was discovered after Serbian journalist SlaviÅ¡a Milanov’s phone was compromised during police detention in early 2024. The attack utilized:
– Cellebrite tools to initially unlock the device
– NoviSpy spyware for continued surveillance
NoviSpy Capabilities
The spyware, developed as early as 2018, consists of two main components:
1. NoviSpyAdmin: Collects call logs, SMS messages, and audio recordings
2. NoviSpyAccess: Captures screenshots, tracks location, and activates camera remotely
Notable Targets
Several prominent individuals were targeted, including:
– Journalist SlaviÅ¡a Milanov
– Youth activist Nikola Ristić
– Environmental activist Ivan Milosavljević Buki
– A member of the Krokodil organization
Technical Details
The attack exploited a zero-day vulnerability (CVE-2024-43047) in Qualcomm’s DSP Service, which was later patched in October 2024. Google’s investigation revealed six related vulnerabilities in the adsprpc driver.
Serbian authorities denied the allegations, while Cellebrite announced an investigation into potential misuse of their tools. The case highlights growing concerns about commercial surveillance tools and their impact on civil liberties, prompting calls for stricter regulation from various international organizations.