Cellebrite UFED – A new Citizen Lab report says Russian investigators used Cellebrite’s UFED tools to hack Andrey Pivovarov’s iPhone in June 2021—after Cellebrite publicly announced it would stop providing its technology to Russia in March 2021.
In May 2021, Russian authorities detained Andrey Pivovarov and confiscated his iPhone 12 and MacBook. By the following month, researchers say the same phone had been hacked using Cellebrite’s UFED tool—technology the company later insisted it had shut off for Russia.
The contradiction lands with particular force because Cellebrite had already made a public break from Putin’s government agencies. Three months before the June 2021 hack. the company announced it would “immediately” stop selling its technology to its Russian government customers. On its official website. Cellebrite claimed that as of March 2021. when it cut ties with Putin’s government. the company “can stop the device from functioning or receiving software updates.”.
Yet evidence described by the Citizen Lab. a digital rights group based at the University of Toronto. points to something else. The researchers said they found evidence that a Russian government investigative unit used a phone hacking tool made by Cellebrite to break into the iPhone of local human rights dissident and opposition politician Andrey Pivovarov in June 2021.
For human rights advocates who have spent years pressing surveillance vendors on what “cutting ties” really means, this isn’t just a technical discrepancy. It’s the moment where corporate controls meet the messy reality of tools once they are already deployed.
Eitay Mack. an Israeli human rights lawyer who has long campaigned against surveillance technology makers like Cellebrite and spyware maker NSO Group. said it was “not surprising” and “the result of the policies of Cellebrite.” In his view. simply ceasing sales—and even revoking a software license—doesn’t stop a former customer from abusing the technology.
Mack also pointed to a gap in Cellebrite’s messaging: the company refuses to say whether it asks customers to dismantle the hacking tools it sold to them. That unanswered question sits at the center of the problem the case illustrates. he argued. suggesting former customers can still abuse Cellebrite’s phone unlocking tool. dubbed UFED. even after the company stops supporting the customer and presumably revokes its software license.
John Scott-Railton, a senior researcher at the Citizen Lab, pushed the critique further. He told TechCrunch that Cellebrite “should also remote-disable deployments following credible reports of abuse. and end the era of plausible deniability by implementing cryptographically-signed watermarks on all imaged devices.” His proposal was blunt in practical terms: remote bricking when tools are misused and cryptographic “fingerprints” that can trace extracted data back to the specific device used.
Cellebrite sells hardware devices designed to unlock and hack into cellphones connected to them. Over the years. researchers have documented cases where customers used its technology against dissidents. human rights activists. and journalists in Hong Kong. Kenya. and Jordan. Cellebrite has responded to some of those findings by cutting ties with Bangladesh, China and Hong Kong, Myanmar, and Serbia.
In an email to the Citizen Lab. chief marketing officer David Gee said Cellebrite “stopped all sales and services to the Russian Federation in March 2021. terminating existing licenses. and immediately began unwinding all legal contracts.” He added that “any use of legacy Cellebrite hardware in Russia after March 2021 is entirely unauthorized.” Cellebrite spokesperson Victor Cooper and Gee did not respond to a series of specific questions sent by TechCrunch.
In Pivovarov’s case. the Citizen Lab said forensic evidence on his phone showed it was hacked with Cellebrite UFED after he was detained and his devices were confiscated in May 2021. The researchers also said Pivovarov shared a court document he received during his prosecution. The document. written by the Russian government’s Criminalist Expert Center. described the use of Cellebrite UFED to break into his phone. It said authorities used UFED to extract data including WhatsApp and Telegram messages. and to search the phone for political terms and the names of opposition figures—including individuals that researchers have described as targets of alleged Russian government hacking campaigns.
Pivovarov was the director of the now defunct opposition group Open Russia. He was later sentenced to four years in prison, before being freed in August 2024 as part of a prisoner exchange between Russia and Western countries. That exchange also freed Wall Street Journal reporter Evan Gershkovich.
The Russian Embassy in Washington, D.C., did not respond to a request for comment.
Taken together, the case leaves a simple, uncomfortable question hanging in the air: when a surveillance vendor says it can stop devices from functioning or receiving software updates, what happens to the people holding those devices—when the tools are already out in the world?
Cellebrite UFED Citizen Lab Andrey Pivovarov iPhone 12 phone hacking surveillance technology cybersecurity Russia human rights dissident
So they “cut ties” but still hacked the dude? Sounds like marketing spin.
I don’t even know what UFED is but if they can stop it from working, why didn’t they? This feels like corporate PR vs reality.
Wait, didn’t Citizen Lab say it was hacked in 2021? Maybe it was just already compromised or something before the March cutoff. Like, cutting off updates doesn’t stop the tool that’s already there right?
This is why none of this stuff should be sold to governments in the first place. They probably “stopped selling” but kept the backdoor license or whatever, and then act shocked later. Also why is this about Russia when half the stuff in the US is probably similar… I’m not saying it’s the same but like, cmon.