🟡 Medium  |  Source: The Hacker News


Russian authorities used Cellebrite’s UFED mobile forensic tool to extract data from an opposition activist’s iPhone in June 2021, three months after Cellebrite publicly stated it had ceased sales to Russia and Belarus. Research by Citizen Lab confirmed the breach through forensic traces on the device and official Russian court documents. The case highlights how export restrictions and vendor sales bans can be circumvented through existing tool stockpiles or grey-market access.

Security Architect’s Take: Review your organisation’s mobile device threat model to account for advanced forensic extraction tools such as Cellebrite UFED, which can bypass device encryption under certain conditions. Ensure full-disk encryption is enabled, prefer strong PINs over biometrics, and consider remote-wipe policies for devices held by high-risk individuals or those operating in authoritarian jurisdictions.

Original advisory: Russia Used Cellebrite on Jailed Activist’s iPhone Months After Sales Cutoff