Cellebrite UFED Used by Russia Against Activist Andrey Pivovarov Despite 2021 Cutoff
- Tool Abused: Citizen Lab found forensic evidence that Cellebrite UFED was used on activist Andrey Pivovarov's iPhone 12 in June 2021.
- Policy Breached: The hack occurred three months after Cellebrite announced it cut all sales and services to Russia in March 2021.
- Data Extracted: Russia's Criminalist Expert Center pulled WhatsApp and Telegram messages from the device.
Russian authorities used Cellebrite's phone-hacking tool Universal Forensic Extraction Device (UFED) against opposition politician Andrey Pivovarov months after the forensics firm said it had cut ties with Moscow. Researchers at The Citizen Lab, the digital rights group based at the University of Toronto, have documented the evidence.
Cellebrite UFED Used Despite Russia Cutoff
In March 2021, Cellebrite announced it would "immediately" stop selling its technology to Russian government customers. Yet three months later, in June 2021, the Forensic Expert Center of the Russian Ministry of the Interior (MVD) deployed Cellebrite UFED to break into Pivovarov's iPhone 12, which authorities had confiscated in May 2021.
Citizen Lab analyzed an MVD court document Pivovarov received during his prosecution, which detailed the agency's use of UFED to extract data, including WhatsApp, Viber, and Telegram messages.
Pivovarov was director of the now-defunct opposition group Open Russia. He was sentenced to four years in prison and later freed in August 2024 as part of a prisoner exchange that also released Wall Street Journal reporter Evan Gershkovich.
The report noted that the experts searched the contents of Pivovarov’s devices for terms related to Open Russia, such as founder Mikhail Khodorkovsky, its former coordinator Tatiana Usmanova, and its then-human rights lawyer Anastasiya Burakova. The latter was one of the targets of the Coldriver (Callisto) 2024 cyberespionage campaign.
Cellebrite Calls Russian Use "Unauthorized"
Cellebrite canceled its contracts with Russian and Belarusian customers in March 2021, and the company’s chief marketing officer, David Gee, added that "any use of legacy Cellebrite hardware in Russia after March 2021 is entirely unauthorized."
Citizen Lab urged Cellebrite to remotely disable deployments after credible reports of abuse and to implement cryptographically signed watermarks to trace extracted data. Israeli human rights lawyer Eitay Mack criticized the firm's policies, arguing that revoking licenses does not stop former customers from abusing the technology.
To reduce the likelihood that a forensic extraction tool will successfully bypass the device’s lock and access its data, Citizen Lab’s recommendations include:
- Keep your device’s operating system up to date.
- Set a strong (preferably alphanumeric) passcode for your device.
- For your accounts, use a password manager, ensuring that each service has a different password and that you can change passwords more quickly if a device or account is compromised.
- Enable Lockdown Mode (iPhones only).
- Enable Advanced Protection (available for Android version 16 or above).
- Enable Full Disk Encryption for computers.
Serbian authorities leveraged Cellebrite to sideload an Android APK after unlocking a student activist’s phone in March 2025, and to unlock and plant NoviSpy spyware on a journalist’s phone a few months earlier.







