The case of the Russian dissident whose phone was opened with Cellebrite tools now has a specific date attached to it: on or around 17 June 2021, Russian authorities used the Israeli forensics firm’s technology to break into the iPhone 12 of opposition politician Andrey Pivovarov while he was in detention, according to Citizen Lab, the digital rights research group based at the University of Toronto. The problem: Cellebrite had announced it was cutting ties with Russian government customers three months earlier.
The episode puts a hard question to anyone who has ever trusted a vendor’s cut-off announcement as a meaningful security guarantee.
What the Russian Forensic Report Reveals
Pivovarov, then director of the now-defunct opposition group Open Russia, was detained by Russian authorities in May 2021. His iPhone 12 and MacBook were confiscated. As part of his prosecution, he received a court document that named Cellebrite’s technology explicitly. The Hacker News reports that the document was titled ‘Forensic Expert Report No. 1269-17,’ was prepared for Russia’s Investigative Committee by the Interior Ministry’s forensic centre, and names Cellebrite’s UFED Physical Analyzer and UFED 4PC by product name.
Authorities used the UFED tools to extract data from the phone, including WhatsApp and Telegram messages. They also searched for political terms and the names of opposition figures, among them targets of what researchers have described as alleged Russian government hacking campaigns.
Citizen Lab’s forensic analysis found that Russian authorities were less successful with Pivovarov’s MacBook, primarily because it was encrypted, according to Engadget. The phone was another matter.
The Cellebrite Russia Dissident Phone Breach and the Cut-Off That Wasn’t
Cellebrite’s official press release, dated 18 March 2021 and issued from the company’s Tysons Corner, Virginia office, announced that CEO Yossi Carmil had directed an immediate halt to all sales and services to Russia and Belarus. The company’s website claimed it retained the ability to ‘stop the device from functioning or receiving software updates.’
That capability, if it existed, was not exercised. In an email to Citizen Lab and Access Now, a nonprofit that supported Pivovarov, the company’s chief marketing officer David Gee wrote: ‘The Cellebrite hardware previously sold, prior to March 2021, would now be incompatible with modern devices and would operate without our technical support, our consent or any legal sanction from Cellebrite.’ He also separately told Citizen Lab that Cellebrite ‘stopped all sales and services to the Russian Federation in March 2021, terminating existing licenses, and immediately began unwinding all legal contracts. Any use of legacy Cellebrite hardware in Russia after March 2021 is entirely unauthorized.’
The statement concedes the core problem: once a device is sold, the company’s ability to enforce its own policies is limited to refusing updates and support. That appears to be insufficient.
Gee also copied Forbes and other publications into the email, and complained that researchers had not given Cellebrite advance access to the Citizen Lab report before publication. Gee and Cellebrite spokesperson Victor Cooper did not respond to a series of specific questions.
A Pattern, Not an Anomaly
This was not Russia’s first known use of Cellebrite tools against political opponents. Prior to the Pivovarov case, in late 2020, Russian authorities had used Cellebrite technology to raid the phone of Lyubov Sobol, a prominent opposition figure and ally of Alexei Navalny. That controversy had already been building pressure on the company to sever ties with Russian government agencies.
Cellebrite has previously cut ties with Bangladesh, China and Hong Kong, Myanmar, and Serbia in response to documented abuses. The pattern across those cases and this one is consistent: the announcement of a cut-off does not reliably stop abuse of hardware already in the field.
Eitay Mack, an Israeli human rights lawyer who has campaigned against surveillance technology companies including Cellebrite and spyware maker NSO Group, was direct: ‘It’s not surprising, and [it] is the result of the policies of Cellebrite.’ Mack also pointed out that Cellebrite refuses to say whether it asks former customers to physically dismantle the tools it sold them.
John Scott-Railton, a senior researcher at Citizen Lab, argued that the company ‘should also remote-disable deployments following credible reports of abuse, and end the era of plausible deniability by implementing cryptographically-signed watermarks on all imaged devices.’ In practical terms: Cellebrite should be able to remotely disable its own tools when they are being misused, and it should build in digital fingerprinting so that any data extracted can be traced to a specific device.
Pivovarov was sentenced to four years in prison. He was freed in August 2024 as part of a prisoner exchange between Russia and Western countries that also included Wall Street Journal reporter Evan Gershkovich. The forensic report that named Cellebrite’s products had, in the meantime, travelled through a Russian court as evidence for his prosecution.
Cellebrite has said its cut-off was immediate and its hardware unauthorised after March 2021. The forensic report Pivovarov received, naming specific Cellebrite products used on his phone three months later, suggests the line between authorised and unauthorised use is one that hardware in the field does not recognise.
