Serbian police reportedly deployed a new spyware, NoviSpy, to monitor journalists and activists, according to a report by Amnesty International. The use of advanced phone-cracking tools like Cellebrite enabled unlawful access, raising concerns about digital privacy in the region.
How NoviSpy Spyware allegedly helped Serbian police target journalists
Amnesty International’s extensive 87-page report reveals details about the combination of spyware and phone-cracking technology employed by Serbian authorities. Notably, the report includes findings of previous unknown spyware for Android called NoviSpy, which allows authorities to capture sensitive personal data, including the ability to activate a target’s microphone or camera remotely. The report highlights the specific case of independent journalist Slaviša Milanov, who experienced a breach of privacy when police detained him in February and allegedly compromised his mobile phone.
Milanov’s detention was ostensibly for a drug test, but upon his release, he noticed unusual activity on his phone and the inability to access Wi-Fi and mobile data. An analysis conducted by Amnesty found evidence of the Cellebrite-NoviSpy combination on his device. “It was a very unpleasant feeling,” Milanov stated, expressing confusion and anger about the incident. He suspects authorities aimed to pressure him and collect information on his connections and sources.
The findings point to a larger trend where physical access to devices enables the installation of spyware. This method was similarly reported where the Russian government detained a citizen and later infected his smartphone with spyware. Amnesty emphasizes that the rise of spyware like NoviSpy illustrates a worrying evolution in digital surveillance tactics used against civil society.
Russian Secret Blizzard hackers exploit malware to target Ukrainian forces
NoviSpy, while not as powerful as Pegasus spyware, still poses significant threats, capturing various types of sensitive data from compromised smartphones. It employs methods via the Android Debug Bridge (ADB) command-line utility through two distinct applications—NoviSpyAdmin and NoviSpyAccess. These applications require extensive permissions to gather call logs, messages, and contacts, while stealthily recording audio and capturing screenshots across multiple apps, including messaging platforms like Signal and WhatsApp.
The origins of NoviSpy remain unclear, as Amnesty states it might have been developed internally by Serbian security services or outsourced from third-party developers. Evidence suggests its development dates back to at least 2018. These tools provide an alarming capability for the state to gather data both overtly, through legal means, and covertly, by exploiting spyware.
Investigations are ongoing regarding the involvement of Cellebrite, the Israeli company that provides phone extraction technology to law enforcement. In response to the allegations, Cellebrite indicated it is reviewing the claims of misuse of its technology and may take corrective actions if violations of its end-user agreements are confirmed.
The Amnesty report indicates that the Norwegian Ministry of Foreign Affairs provided Cellebrite tools to Serbia but recognized its failure to conduct proper due diligence to mitigate potential human rights abuses associated with the technology’s deployment. An official response from the ministry categorized the situation as alarming, signifying the need for thorough investigations into the misuse of digital forensic tools against civil society.
Featured image credit: Lianhao Qu/Unsplash
