According to a new report by Amnesty International, a 23-year-old Serbian youth activist had his Android phone targeted by a zero-day exploit developed by Cellebrite to unlock the device.
“The Android phone of a student protester was exploited and unlocked by a sophisticated zero-day exploit chain, which targets Android USB drivers, developed by Cellebrite,” the international non-governmental organization said. It discovered a separate case in mid-2024.
The vulnerability in question, CVE-2024-53104 (CVSS score: 7.8), is a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver. The flaw was patched in the Linux kernel in December 2024. It was later addressed in Android earlier this month.
It is believed that CVE-2024-53104 was combined with two other flaws, CVE-2024-53197 and CVE-2024-50302. Both have been resolved in the Linux kernel. They have not yet been included in an Android Security Bulletin.
- CVE-2024-53197 (CVSS score: N/A) - An out-of-bounds access vulnerability
- CVE-2024-50302 (CVSS score: 5.5) - A use of an uninitialized resource vulnerability that can be used to leak kernel memory
“The exploit, which targeted Linux kernel USB drivers, enabled Cellebrite customers with physical access to a locked Android device to bypass the lock screen of an Android phone and gain privileged access to the device,” said Amnesty.
“This case highlights how real-world attackers are exploiting Android's USB attack surface, taking advantage of the wide range of USB kernel drivers supported in the Linux kernel.”
The activist, named “Vedran” to protect their privacy, was taken to a police station and had his phone confiscated on December 25, 2024, after a student protest in Belgrade.
Amnesty’s analysis found that the exploit was used to unlock his Samsung Galaxy A32 and that authorities attempted to install an unknown Android application. While the exact nature of the Android app is unclear, the modus operandi is consistent with the earlier NoviSpy spyware infections reported in mid-December 2024.
Earlier this week, Cellebrite stated that its tools are not designed to facilitate any kind of offensive cyber activity and that it works actively to curtail the misuse of its technology.
The Israeli company also said that it would no longer allow Serbia to use its software, stating, “We found it appropriate to stop the use of our products by the relevant customers at this time.”