Russian authorities used Cellebrite technology to access the iPhone of opposition politician and human rights activist Andrey Pivovarov months after the company said it had stopped serving government customers in Russia, according to new research from The Citizen Lab.
The findings raise questions about whether surveillance and digital forensics companies can effectively disable products that have already been delivered to government agencies.
Researchers Found Evidence of Cellebrite Use
Russian authorities detained Pivovarov in May 2021 and confiscated his iPhone 12 and MacBook. Researchers later examined his phone and found evidence that Cellebrite’s Universal Forensic Extraction Device, or UFED, had been used the following month.
A court document provided by Pivovarov also described how a Russian government forensic unit used UFED to extract information from the device. The data included messages from WhatsApp and Telegram, while investigators searched for political terms and the names of opposition figures.
Pivovarov previously led Open Russia, an opposition group that later ceased operating. He was sentenced to four years in prison before being released in the August 2024 prisoner exchange that also freed Wall Street Journal reporter Evan Gershkovich and other detainees.
Cellebrite Says the Use Was Unauthorised
Cellebrite had announced in March 2021 that it would stop selling products and services to Russian government customers and terminate existing licences. The company says it can prevent internet-connected UFED systems from functioning or receiving software updates after a licence expires.
In a response published with the Citizen Lab report, Cellebrite said any use of legacy hardware in Russia after March 2021 was entirely unauthorised. It added that it had ended sales, services, licences, and legal contracts in the country.
The company did not explain why the system used against Pivovarov remained operational three months after that decision. The case suggests that withdrawing software support may not immediately prevent customers from using previously supplied hardware.
Researchers Call for Stronger Controls
The Citizen Lab said Cellebrite should remotely disable products after credible reports of abuse and add cryptographically signed records to data extracted by its tools. Such records could help investigators identify the individual device responsible for an extraction.
Human rights lawyer Eitay Mack also argued that ending sales does not address hardware already held by former customers. He said companies should clarify whether customers must dismantle or return their systems after contracts and licences are terminated.
Cellebrite has previously ended relationships with customers in Bangladesh, China and Hong Kong, Myanmar, and Serbia following concerns about misuse. Researchers have documented its technology being used against activists, political opponents, and journalists in several countries.
Featured image credits: Magnific.com
For more stories like it, click the +Follow button at the top of this page to follow us.