A new investigation has revealed that Russian authorities used digital forensic tools made by Cellebrite to unlock the iPhone of jailed Russian activist Andrei Pivovarov. The finding is significant because Cellebrite had already announced in March 2021 that it was ending all business with Russia and Belarus. Researchers say the case raises important questions about how long previously sold forensic tools can continue operating after official sales stop.
The investigation was carried out by researchers at Citizen Lab, based at the University of Toronto. After examining forensic evidence and official Russian documents, the researchers concluded with high confidence that Cellebrite’s technology was used to access Pivovarov’s phone. The company said any use of its hardware in Russia after March 2021 would be unauthorized and outside its support services.
According to the report, Pivovarov’s iPhone was accessed after his arrest in May 2021. Investigators extracted information from messaging applications, including WhatsApp and Viber, along with other personal data stored on the device. The recovered information was later used by Russian authorities as part of the criminal case against him during his imprisonment.
Pivovarov said the phone extraction exposed private conversations, professional communications, and details about people connected to his work. He believes the information placed many of his colleagues at risk because authorities could identify contacts and communication patterns. Some of those contacts were later reportedly targeted by the Russia-linked hacking group Coldriver, although researchers said that connection requires further investigation.
The findings have renewed concerns over the control companies have once digital forensic equipment has already been sold. Human rights lawyer Eitay Mack argued that simply ending future sales may not be enough if existing devices continue working inside authoritarian countries. He said companies should have stronger mechanisms to disable or restrict tools when credible reports of abuse emerge.
Citizen Lab also recommended several technical safeguards that could reduce future misuse. Researchers suggested remote deactivation capabilities, stronger licensing controls, and cryptographic signatures that would allow forensic extractions to be traced back to specific authorized devices. These measures could improve accountability while helping companies identify unauthorized or abusive use of their technology.
In response, Cellebrite said its products are licensed only for legally authorized investigations and that it does not permit unauthorized use. The company stated that hardware remaining in Russia after March 2021 would not receive technical support and would not be compatible with many modern smartphones. It also said it was not given the opportunity to review Citizen Lab’s report before its publication.
The case has once again highlighted the growing debate around digital forensic technology and human rights. While these tools play an important role in legitimate criminal investigations, researchers warn they can also be misused against political activists, journalists, and civil society members when proper safeguards are missing. The investigation has renewed calls for stronger oversight to ensure powerful forensic technologies are not used to violate privacy or suppress dissent.
Stay alert, and keep your security measures updated!
Source: Follow cybersecurity88 on X and LinkedIn for the latest cybersecurity news
