Amnesty International says Google has fixed three zero-day vulnerabilities in Android, exploited by a Cellebrite-developed tool and used by Serbia to unlock phones
Amnesty International said that Google fixed previously unknown flaws in Android that allowed authorities to unlock phones using forensic tools.
TechCrunch · Lorenzo Franceschi-Bicchierai
Related Coverage
- Cellebrite zero-day exploit used to target phone of Serbian student activist · Amnesty International Security Lab
- Serbian student's Android phone compromised by exploit from Cellebrite · Ars Technica · Dan Goodin
- Android Phone's Unlocked Using Cellebrite's Linux USB Zero-day Exploit · Cyber Security News · Guru Baran
- Google quietly fixed USB flaw that left over a billion Android devices exposed · Digital Trends · Nadeem Sarwar
- Amnesty Finds Cellebrite's Zero-Day Used to Unlock Serbian Activist's Android Phone · The Hacker News
- Serbian police used Cellebrite zero-day hack to unlock Android phones · BleepingComputer · Bill Toulas
- Serbia Used Cellebrite Zero-Day Android Attack on Student Activist · CyberInsider · Alex Lekander
- Serbian Student's Android Phone Compromised By Exploit From Cellebrite · Slashdot · BeauHD
- Android 0-day sold by Cellebrite exploited to hack Serbian student's phone · Ars OpenForum
Discussion
- Donncha Ó Cearbhaill (@donnchac) on X: 🚨 UPDATE YOUR DEVICES 🚨: Amnesty International uncovers sophisticated zero-day exploit affecting billions of Android devices. Cellebrite's Linux USB exploit was used to unlock the phone of a Serbian youth activist, targeted in December 2024 **after** previous reports of abuses [imag…
- Donncha Ó Cearbhaill (@donnchac) on X: Our team at the Security Lab saw this Linux kernel USB exploit chain used against multiple people since mid-2024. We shared traces of exploit with Google's Threat Analysis Group allowing for the identification of at least three zero-day vulnerabilities https://securitylab.amnesty…
- @grapheneos on X: https://securitylab.amnesty.org/ ... Amnesty International's Security Lab has a post about 3 vulnerabilities exploited by Cellebrite to extract data from locked Android devices. GrapheneOS blocked exploiting these vulnerabilities in multiple different ways. We also patched them m…
- Donncha Ó Cearbhaill (@donnchac) on X: Cases like this show how real-world attackers are exploiting the latest mobile devices. Android vendors should urgently implement security mitigations to limit the large attack surface exposed to malicious USB devices connected to a locked Android phone. https://grapheneos.org/...
- Dino A. Dai Zovi (@dinodaizovi) on X: Security nihilism grows from being in a reactive response-only mode for too long. Security optimism grows from focusing on applied security engineering. Be the house that didn't burn down because you invested in applying security engineering to prevent entire classes of attack.
- Andrey Konovalov (@andreyknvl) on X: Looks like we have a confirmation that Cellebrite uses memory corruptions in Linux kernel USB drivers to unlock Android phones. First 2 bugs seem easily discoverable by syzkaller/syzbot with a bit of extra descriptions. 3rd one is likely as well ⤵️
- Donncha Ó Cearbhaill (@donnchac) on X: The USB exploit chain targets mainline Linux kernel drivers, potentially affecting devices across all Android vendors. At least five different USB device types were used as part of the exploitation process. More exploit details are shared in our blog post [image]
- @grapheneos on X: Each of these is an upstream Linux kernel vulnerability:
  * CVE-2024-53104: heap overflow in a Linux kernel USB webcam driver
  * CVE-2024-53197: heap overflow in a Linux kernel USB sound card driver
  * CVE-2024-50302: uninitialized heap memory in a Linux kernel USB touchpad driver
- Bill Marczak (@billmarczak) on X: Interesting - @AmnestyTech found some cases where confiscated Android phones were unlocked with Cellebrite's forensics tech, and shared traces with Google TAG, who identified three bugs in various Linux kernel USB device drivers https://securitylab.amnesty.org/ ...
- Bill Marczak (@billmarczak) on X: @AmnestyTech Also, Android apparently doesn't have a USB restricted mode equivalent? You can just rawdog the entire set of Kernel drivers from the USB port by default?! Yikes.
- @grapheneos on X: GrapheneOS blocks reaching any of these vulnerabilities for locked devices through our USB-C port and pogo pins control feature disabling new connections at a hardware level and a software level after locking along with disabling USB data in hardware too: https://grapheneos.org/.…
- Lorenzo Franceschi-Bicchierai (@lorenzofb) on X: NEW: Google fixed three zero-day vulnerabilities in Android that were used by authorities to unlock phones with Cellebrite forensic tools. The fixes come after Amnesty alerted Google, following the analysis of a Serbian student protester's phone. https://techcrunch.com/...