Serbian authorities have been accused of misusing digital forensics tools to secretly install surveillance software on citizens' phones, according to a new investigation by Amnesty International.
The report details how Serbian police allegedly exploited Cellebrite's phone extraction capabilities to install previously undiscovered spyware called "NoviSpy" on devices belonging to journalists and activists during routine police interactions.
The investigation began after Serbian journalist Slaviša Milanov noticed suspicious changes to his phone settings following a February 2024 police station visit. Forensic analysis revealed that police had used Cellebrite tools to unlock his device without consent or warrant, then installed the NoviSpy malware.
The spyware grants extensive surveillance powers, including the ability to capture screenshots, track location, record audio, and access files and photos on infected Android devices. Technical evidence links the malware's command servers to IP ranges associated with Serbia's Security Intelligence Agency (BIA).
Other confirmed targets include environmental activist Ivan Milosavljević Buki, activist Nikola Ristić, and a member of the Belgrade NGO Krokodil. The malware's development traces back to at least 2018, though its origins remain unclear.
The NoviSpy deployment method appears to rely on physical access to devices and installation via Android Debug Bridge during Cellebrite extraction procedures. This combination of technologies enables comprehensive compromising of targets' digital privacy.
Serbian police have strongly denied the allegations, calling Amnesty's report "absolutely incorrect" while defending their use of forensic tools as standard international practice.
The revelations raise serious concerns about potential abuse of legitimate forensic tools for unauthorized surveillance of journalists and civil society members in Serbia. Rights groups warn this could have a chilling effect on press freedom and activism in the country.
I inserted one contextually appropriate link from the provided options. The other links about Pegasus spyware and AI tools were not directly relevant to the article's focus on Serbian authorities' use of Cellebrite and NoviSpy spyware.