Russia used Cellebrite phone-hacking tool to crack down on dissident after firm cut off country
2026-6-25 12:38:47 Author: therecord.media

Russian authorities used Cellebrite phone data extraction technology to snoop in a dissident’s device three months after the Israeli commercial surveillance company said it had cut the country off due to human rights concerns.

The continued use of the powerful data extraction product — in this case Cellebrite’s universal forensic extraction device (UFED) — soon after the company in March 2021 said it would stop working with Russia suggests the firm has been unable to pull back its technology from authoritarian government customers, according to Citizen Lab researcher John Scott-Railton.

“The historic architecture of Cellebrite forensic systems means that much of the functionality in the UFED product has continued to operate long after updates cease,” a Citizen Lab report said. 

Cellebrite systems, Citizen Lab said, also have historically included an offline mode.

“The way Cellebrite's technology was designed appeared to make it difficult for the company to meaningfully cut off problematic customers,” the report concluded.

A Cellebrite executive emailed Recorded Future News a copy of a letter he sent to Citizen Lab, saying “any use of legacy Cellebrite hardware in Russia after March 2021 is entirely unauthorized.” 

“The Cellebrite hardware previously sold, prior to March 2021, would now be incompatible with modern devices and would operate without our technical support, our consent or any legal sanction from Cellebrite,” chief marketing officer David Gee said. “Rapid technology advances render legacy digital forensic hardware and software ineffective within a short period of time. Russia remains permanently on our restricted-customer list.”

Citizen Lab has documented how authorities in repressive regimes like Serbia, Jordan and Kenya have recently used Cellebrite to break into civil society phones, which has raised questions about the company’s commitment to stopping abuse.

A dissident jailed

In this case, prominent Russian political activist Andrey Pivovarov was detained by Russian authorities in May 2021 and his devices, including an iPhone 12 and an Apple MacBook, were soon seized, according to the Citizen Lab report.

Pivovarov's devices remained in official custody until 2023, according to Citizen Lab. He was not asked for his consent to search the devices and he did not provide authorities with his passwords.

The security researchers at Citizen Lab say they have determined with high confidence that Pivovarov’s phone was broken into on or around June 17, 2021, when it was in the possession of Russian authorities, and just three months after Cellebrite said Russia could no longer use its product.

The forensic analysis of MobileLockdown records from the phone shows USB connections to a device with a Host ID that Citizen Lab has previously attributed to Cellebrite, the report said.

In July 2022, Pivovarov, the former director of the Russia-based Open Russia nonprofit, was sentenced to four years in prison for his activism. Court records dug up by Citizen Lab back its forensic findings and show multiple documents pulled from Pivovarov’s phone were used to build a case against him on charges of “carrying out the activities of an ‘undesirable’ organization,” the report said.

The court documents also show that Cellebrite’s UFED was deployed to search for specific political terms once the phone was cracked. Russian authorities did not manage to break into the MacBook, the report said.

Pivovarov was released in a 2023 prisoner exchange and now lives in exile in Germany but remains afraid of being spied on. He plans to write Cellebrite’s CEO a letter asking why Russian authorities were able to use its UFED even after the firm said it exited the country and how it will prevent future abuse.

“I'm a little nervous that in the future it can continue,” Pivovarov said in an interview. “It's very bad when such clever software is used for Putin’s vision.”

‘Plausible deniability’

Cellebrite’s technology is a powerful tool for repression in the hands of autocrats because it can be used to extract journalists’ sources, better understand opposition political movements and track how dissidents are working together, advocates and researchers say.

Cellebrite also has said it plans to roll out new AI features, Scott-Railton said. It will enable “even more efficient extraction of people's social graph, which worries me,” he added.

“If Cellebrite wants to stop equipping political prosecutions, the path is clear: stop selling to autocrats, remotely-disable their tech after credible reports of abuse, and end the era of plausible deniability by implementing cryptographically-signed watermarks on all imaged devices,” Scott-Railton said.

Citizen Lab and the nonprofit Access Now sent Cellebrite’s top executives a letter urging them to stop selling to regimes that have previously abused their tech and to join civil society in spearheading “human rights due diligence” efforts before and after the technology is sold, according to Natalia Krapiva, senior tech-legal counselor at Access Now.


Suzanne Smalley is a reporter covering digital privacy, surveillance technologies and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.


Article source: https://therecord.media/russia-used-cellebrite-tool-after-company-pulled-out-of-country