TheVortiq

Russia Hacks Activist's iPhone with Cellebrite Despite Company Promises

A Citizen Lab report reveals that the Russian government used Cellebrite's forensic tool to access the iPhone of a political opponent, months after the Israeli company claimed to have suspended operations in Russia.

June 30, 2026 · 3 min read


TL;DR: Citizen Lab discovered that the Russian government used Cellebrite's tool to hack the iPhone of a detained activist, despite the Israeli company claiming to have suspended operations in Russia. This highlights the difficulty of controlling the proliferation of surveillance technologies.

What Happened?

A Citizen Lab report, published in June 2025, reveals that a Russian government unit managed to access the iPhone of Andrey Pivovarov, a detained activist and opposition politician, using a forensic tool manufactured by the Israeli company Cellebrite. The access occurred three months after Cellebrite publicly announced in March 2022 that it was ceasing operations in Russia due to the invasion of Ukraine. The investigation is based on forensic evidence extracted from Pivovarov's device and Russian court documents confirming the use of Cellebrite software, specifically the UFED (Universal Forensic Extraction Device) tool. According to Citizen Lab, the stolen data includes messages, contacts, and photographs, which were later used in a trial against Pivovarov on charges of “extremism.” This case is not isolated: in 2023, Amnesty International documented the use of Cellebrite tools by Belarus, another country under sanctions, to access journalists' devices.

Why Is This Important?

This incident demonstrates that corporate promises to withdraw from problematic markets do not always translate into a real interruption of their products' use. Despite international sanctions and public statements, surveillance tools can continue to be used by authoritarian governments through various mechanisms: local distributors acting as intermediaries, perpetual licenses allowing continued use of already purchased software, or older versions of the product that remain operational. In Cellebrite's case, the company stated in 2022 that it was ceasing all sales and support in Russia, but the Citizen Lab report suggests the UFED software used was a pre-ban version, indicating the Russian government already owned the tool and could use it without new purchases. This phenomenon echoes what happened with the Italian company Hacking Team, whose espionage tools were found in the hands of authoritarian governments years after the company went bankrupt. For activists and political opponents, this case underscores that even after a company announces its withdrawal, extracted data can be used to suppress dissent, endangering not only the primary target but also their contacts, family, and colleagues.

Consequences

This incident will have repercussions on multiple levels. First, it could accelerate regulatory scrutiny of forensic technology companies, especially in the European Union and the United States, where laws like the Surveillance Technology Export Control Act are already being debated. Organizations such as Access Now and Privacy International have called for a ban on exporting these tools to countries with a history of human rights violations. Additionally, the case could drive demands for transparency and accountability, requiring companies like Cellebrite to implement post-sale verification mechanisms and report on their products' use. For democratic governments, this reinforces the need to impose stricter sanctions not only against companies but also against intermediaries and distributors that facilitate the circumvention of restrictions. On the technological front, this case could lead Apple to strengthen device security, for example, by expanding Lockdown Mode or improving protection against forensic attacks. For users, especially activists and journalists, the lesson is clear: even an iPhone with the latest update can be vulnerable if a government has physical access to the device and specialized tools. Recommendations include using end-to-end encryption, secure messaging apps like Signal, and periodically deleting sensitive data.

What Should Readers Know?

  • Hacking tools like Cellebrite UFED can be acquired by authoritarian governments even after the manufacturer announces its withdrawal, due to perpetual licenses or local distributors.
  • Surveillance companies must implement effective mechanisms to prevent unauthorized use of their products, such as remote software deactivation or verification of buyers' compliance with sanctions.
  • Activists should consider that their devices may be vulnerable if they fall into the hands of security forces, and take additional precautions such as using complex passwords, enabling automatic erasure after several failed attempts, and maintaining encrypted backups on external services.
  • This case joins others like the use of NSO Group's Pegasus tools against journalists in Mexico and Saudi Arabia, demonstrating a pattern of broken corporate promises in the surveillance industry.

"The gap between corporate promises and ground reality is enormous. As long as these tools continue to circulate, human rights will be at risk." — Citizen Lab
