Forensic evidence of Russia hacking activist's device highlights alleged failure by Cellebrite to prevent human rights harms
"Russia Breaks Into Human Rights Activist’s Phone With Cellebrite" 25 June 2026
We analyzed Russian activist Andrey Pivovarov’s phone, finding that Russian authorities used forensic extraction tools made by Cellebrite to gain access to his device. A document prepared by Russian authorities confirms that Cellebrite was used to extract information to aid in Pivovarov’s prosecution. Importantly, we found that authorities continued to use Cellebrite for political repression even after the company had cancelled its contracts with Russian customers...
...Our analysis found traces of the use of Cellebrite’s forensic tools with high confidence on Pivovarov’s iPhone 12 on or around June 17, 2021, during a period when the device was in the custody of the Russian authorities...
...[This] correlation between Cellebrite being used to target Pivovarov’s social graph, and subsequent COLDRIVER targeting of the same individuals warrants further investigation. It is consistent with the possibility that the use of Cellebrite’s tools against Pivavarov may have later helped to enable further targeting and surveillance of other regime opponents abroad...
...In September 2020, a legal petition was filed by lawyer Eitay Mack against Cellebrite in the Tel Aviv District Court alleging the company sold its technology to the Russian Investigative Committee who used it for political repression. In March 2021, Cellebrite publicly cancelled their contract with Russian and Belarusian customers. The contract cancellation meant that the Russian and Belarusian authorities would cease to receive updates for their Cellebrite devices. More than a year later, however, it was reported that Cellebrite continued to be used to hack political detainees’ cellphones despite the contract cancellation...
...Cellebrite’s Continued Failure to Meet its Corporate Responsibility to Respect Human Rights...
After reports of human rights abuses and concerns, Cellebrite terminated contracts in Serbia, Russia, Belarus, Bangladesh, Hong Kong, and China. However, Cellebrite does not appear to have cancelled contracts with Kenya and Jordan, two other countries where human rights abuses associated with Cellebrite technology have been forensically confirmed by the Citizen Lab.2 We also note reports that authorities in Hong Kong reportedly continued to obtain Cellebrite technology after their access was officially cancelled via resellers that also continued to provide updates...
...Under the UNGPs, Cellebrite has a responsibility to respect human rights. This obligation requires that the company enact a robust human rights compliance system to prevent its technology from being used in or facilitating human rights abuses.3 This report suggests again that Cellebrite has fallen short of the well-established standards outlined in the UNGPs....
...On June 22, 2026, the Citizen Lab and Access Now contacted Cellebrite with a request for comment on our findings. We undertook to publish their response in full. Cellebrite responded, in part:
“Any use of legacy Cellebrite hardware in Russia after March 2021 is entirely unauthorized. The Cellebrite hardware previously sold, prior to March 2021, would now be incompatible with modern devices and would operate without our technical support, our consent or any legal sanction from Cellebrite. Rapid technology advances render legacy digital forensic hardware and software ineffective within a short period of time. Russia remains permanently on our restricted-customer list.”
Their full reply to the Citizen Lab is here....