Russia’s Continued Use of Cellebrite Technology
In June 2021, Russian authorities employed Cellebrite’s Universal Forensic Extraction Device (UFED) to access the iPhone of opposition figure Andrey Pivovarov. This action occurred despite Cellebrite’s public announcement in March 2021 that it had ceased all business with Russian clients, as uncovered by a forensic investigation by the Citizen Lab at the University of Toronto.
Detention and Device Confiscation
On May 31, 2021, Pivovarov, who led the pro-democracy group Open Russia, was detained by Russian security forces at St. Petersburg Airport. This followed his decision to disband Open Russia’s Russian operations to shield staff from legal repercussions under new laws on “undesirable organizations.” During his detention, his iPhone 12 and Apple MacBook were seized without his consent or provision of passwords. These devices remained with authorities until they were returned in 2023, following his sentencing to four years in prison for his involvement with an “undesirable” group. Pivovarov was eventually released during a notable U.S.-Russia prisoner exchange in August 2024.
Forensic Evidence and Investigations
While attending the World Liberty Congress in Berlin in the fall of 2025, Pivovarov consulted Citizen Lab researchers. Initial examinations of his iPhone revealed signs of forensic data extraction, prompting a deeper investigation. The analysis identified traces of Cellebrite’s UFED on his device around June 17, 2021, three months after the company stated it would no longer sell to Russian or Belarusian entities.
The forensic evidence included a specific Host ID found in MobileLockdown USB records, which Citizen Lab had previously linked to Cellebrite in a separate investigation concerning Jordanian civil society. Russian official documents corroborated these findings, referencing Cellebrite’s tools as instrumental in data extraction from Pivovarov’s devices.
Implications and Responses
Investigators discovered that Russian authorities extracted communications from applications like WhatsApp, Telegram, and Viber, leveraging Cellebrite’s tools to search for politically sensitive keywords. Despite Cellebrite’s contract termination, Russian continued use of the UFED platform suggests that its offline capabilities and self-sustaining architecture rendered the cessation ineffective.
Citizen Lab highlighted a troubling connection: individuals searched on Pivovarov’s device, including notable opposition figures, were later targeted by phishing campaigns linked to Russia’s FSB, as documented in a 2024 joint investigation by Citizen Lab and Access Now. This correlation suggests a need for further inquiry into whether Cellebrite’s extracted data may have facilitated broader FSB surveillance operations.
Call for Accountability
This incident is part of a broader pattern of Cellebrite technology misuse identified in countries like Serbia, Kenya, and Jordan. In response, Access Now and Citizen Lab have urged Cellebrite to introduce technical “kill switches” and enhance human rights due diligence in their sales processes. Despite these calls, Cellebrite, listed on the Nasdaq, has yet to announce strategic changes to its export controls following the revelations about Pivovarov.
