Russian authorities broke into a detained activist’s iPhone using Cellebrite’s UFED forensic tools in June 2021 — three months after Cellebrite publicly said it would stop selling to Russia and Belarus.
The finding comes from the Citizen Lab, published June 25, and it’s unusually well-sourced. Researchers found Cellebrite traces on the phone itself, and they got an official Russian forensic report that names the tool by product.
The phone belonged to Andrey Pivovarov, who ran Open Russia, an opposition group the Kremlin had branded “undesirable.” He was pulled off a flight at St. Petersburg airport on May 31, 2021. His iPhone 12 and MacBook were seized. He never gave consent or passwords. He was later sentenced to four years and was freed in a 2024 prisoner exchange.
MobileLockdown records on the phone showed a connection on June 17, 2021 to a host ID matching a Cellebrite fingerprint identified in a prior Jordan case. That’s strong evidence. Russia’s own paperwork — Forensic Expert Report No. 1269-17 — names UFED Physical Analyzer and UFED 4PC. It documents data extraction from WhatsApp, Telegram, and Viber, and shows investigators searching for opposition figures including Mikhail Khodorkovsky.
The MacBook held firm. The MVD (Russian Interior Ministry) report describes a failed extraction blocked by encryption, and Citizen Lab found matching failed login attempts. Authorities never had the password.
Here’s the core problem. Cellebrite’s March 2021 cutoff stopped new sales and updates. But UFED works offline. The installed base sitting in Russian police offices kept running. That’s the gap — a sales cutoff doesn’t neutralize hardware already in the field.
Cellebrite told Citizen Lab and Access Now that any use of its legacy hardware in Russia after March 2021 is “entirely unauthorized.” It says the old hardware would be incompatible with modern devices, and that the company is shifting to subscription licenses that expire. Legally meaningful? Maybe. Operationally? The tool worked when investigators had the phone.
Russia now joins Serbia, Kenya, and Jordan on the list of Cellebrite abuse cases backed by forensics. The lesson is specific: leaving offline-capable tools in the field after a sales cutoff isn’t much of a cutoff when the phone is already in a custody room.
