
The Russian government reportedly used Cellebrite’s digital forensics tools to break into the phone of a political activist, even after the Israeli company canceled its contract with Russian customers. The case has put fresh scrutiny on Cellebrite’s business practices and whether cutting off access is enough to prevent abuse.
According to Engadget, an investigation by the University of Toronto’s Citizen Lab found that Russian authorities used Cellebrite to access the devices of Andrey Pivovarov, a human rights defender and former director of the non-profit Open Russia. Pivovarov says he never handed over passwords for his confiscated iPhone 12 or MacBook.
The devices were seized in 2021 and not returned to his legal representatives until 2023, while he was serving a prison sentence. After his release, Pivovarov contacted the Citizen Lab, which then found what it described as “traces of the use of Cellebrite’s forensic tools with high confidence” on his iPhone 12. The intrusion reportedly occurred on or around June 17, 2021, while the phone was in Russian government custody.
Cellebrite, for its part, terminated its contract with the Russian Investigative Committee in March 2021, after accusations that its technology was being used to suppress political opposition. The company claimed that Russian authorities stopped receiving software updates the moment ties were cut. Yet the alleged hack happened three months later, suggesting that previously purchased hardware was still very much functional.
The Citizen Lab says its findings are backed by official Russian documentation. A translated report titled “Forensic Expert Report No. 1269-17” confirms the use of Cellebrite’s UFED Physical Analyzer and UFED 4PC toolkit, tools designed to extract and analyze data from a wide range of devices. According to the investigation, Russian authorities searched Pivovarov’s phone for content linked to:
- The Open Russia Civic Movement
- Opposition figure Mikhail Khodorkovsky, founder of the pro-democracy organization Pivovarov had worked for
- Messaging apps including WhatsApp, Telegram, and Viber
- Broader political topics that could be used as evidence in his prosecution

The attempt to access his MacBook was less successful. The Citizen Lab says the encryption on the device blocked the authorities, and there is evidence of a series of failed login attempts on the same day the iPhone was successfully accessed.
Cellebrite says it provides digital forensics and investigation tools to more than 60,000 agencies across 150 countries. Its website describes its focus as “mastering the complexities of legally sanctioned digital investigations.” But the Citizen Lab has documented a longer pattern of behavior, calling out the company for what it describes as a “well-documented history of selling to governments with track records of persecuting activists, journalists and dissidents.”
In an email shared with Forbes, Cellebrite’s chief marketing officer David Gee said any use of the platform in Russia after March 2021 was “entirely unauthorized.” He added that hardware sold before the cutoff “would now be incompatible with modern devices and would operate without our technical support, our consent or any legal sanction from Cellebrite.”
That response has not satisfied critics. The Citizen Lab accuses Cellebrite of “failing to meet its corporate responsibility to respect human rights” and says the company has shown a pattern of being comfortable selling to governments that could weaponize the technology against their own citizens. The case highlights a wider problem in the surveillance tech industry: once a tool is sold, the seller has limited ability to control how it is used, and cutting off a contract does not mean cutting off access.
For activists, journalists, and dissidents operating in countries with authoritarian governments, this case is a reminder of how much risk sits inside a confiscated smartphone, and how little a company’s stated policies can mean once its tools are already in the wrong hands.