Overview
- Citizen Lab researchers found that Andrey Pivovarov’s iPhone 12 connected by USB to a Cellebrite UFED in June 2021, and Russian prosecution documents name UFED products and describe extractions of WhatsApp and Telegram data.
- The phone was seized in May 2021 while Pivovarov was detained, and the forensic timestamps and an official forensic report together support that investigators used Cellebrite tools while the device was in government custody.
- Cellebrite says it stopped sales to Russia in March 2021 and that any post‑March use of legacy hardware would be unauthorized, incompatible with modern devices, and without company support.
- Citizen Lab warns that UFED’s historic design and offline mode let much functionality run after support ends, which makes it hard for vendors to fully disable devices already in the field and creates a gap in the effect of sales cutoffs.
- Human rights groups and researchers are urging concrete fixes such as a remote killswitch, cryptographic watermarks on extractions, and tighter export or licensing controls to curb future misuse and protect targets of political surveillance.