Amnesty International has exposed a chain of three zero-day vulnerabilities in Android that enabled authorities to unlock phones using forensic tools, potentially affecting over a billion devices. The flaws, found in the Linux kernel's core USB code, were identified by the organization's researchers after investigating the hack of a student protester's phone in Serbia.
The vulnerabilities, which were unknown to Google, were exploited by phone-unlocking company Cellebrite, allowing Serbian authorities to unlock the phones of activists and journalists using the company's tools. Amnesty International shared its findings with Google's anti-hacking unit, the Threat Analysis Group, which led to the identification and fixing of the three separate flaws.
The investigation began when Amnesty researchers found traces of one of the flaws in a case in mid-2024. They then shared their findings with Google, which prompted the company to fix the vulnerabilities. The flaws were found to be exploited by Cellebrite, which provided forensic tools to Serbian authorities, enabling them to unlock phones without the owners' knowledge or consent.
In a statement, Cellebrite announced that it had stopped its Serbian customer from using its technology following the allegations of abuse uncovered by Amnesty. The company claimed to have investigated each claim in accordance with its ethics and integrity policies, leading to the decision to stop the use of its products by the relevant customers.
The report highlights the risks of forensic tools in the hands of authorities, who can use them to violate human rights. Amnesty International emphasized that the "seemingly routine use of Cellebrite software against people for exercising their rights to freedom of expression and peaceful assembly can never be a legitimate aim, and therefore is in violation of human rights law."
Donncha Ó Cearbhaill, the head of Amnesty's Security Lab, expressed concern over the far-reaching availability of such tools, fearing that "we are just scratching the surface of harms from these products." Meanwhile, Bill Marczak, a senior researcher at Citizen Lab, advised activists, journalists, and members of civil society to consider switching to iPhone due to these vulnerabilities.
Google did not immediately respond to a request for comment on the matter. The incident raises concerns about the security of Android devices and the potential misuse of forensic tools by authorities. It also highlights the importance of responsible disclosure and collaboration between tech companies, researchers, and human rights organizations to protect users' privacy and security.
The incident serves as a reminder of the ongoing cat-and-mouse game between tech companies, security researchers, and malicious actors. As the use of forensic tools and spyware continues to evolve, it is essential for tech companies to prioritize user security and privacy, while also ensuring that their products are not exploited for malicious purposes.