{"uuid": "c1d2888a-e3fb-49e6-ba8f-5034c43415af", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "name": "The Qualcomm DSP Driver - How Serbian authorities have deployed surveillance technology and digital repression tactics", "description": "Amnesty International identified how Serbian authorities used Cellebrite to exploit a zero-day vulnerability (a software flaw which is not known to the original software developer and for which a software fix is not available) in Android devices to gain privileged access to an environmental activist\u2019s phone. The vulnerability, identified in collaboration with security researchers at Google Project Zero and Threat Analysis Group, affected millions of Android devices worldwide that use the popular Qualcomm chipsets. An update fixing the security issue was released in the October 2024 Qualcomm Security Bulletin. \n\n[Related bundle](https://vulnerability.circl.lu/bundle/aaa30339-107b-4cb3-8a1a-3e5d8398b429) on Vulnerability-Lookup (Patch for Android).\n\n#### Investigation from Amnesty International\n[https://github.com/AmnestyTech/investigations/tree/master/2024-12-16_serbia_novispy](https://github.com/AmnestyTech/investigations/tree/master/2024-12-16_serbia_novispy)\n\n#### \u201cA Digital Prison\u201d: Surveillance and the suppression of civil society in Serbia\n[https://securitylab.amnesty.org/latest/2024/12/a-digital-prison-surveillance-and-the-suppression-of-civil-society-in-serbia/](https://securitylab.amnesty.org/latest/2024/12/a-digital-prison-surveillance-and-the-suppression-of-civil-society-in-serbia/)\n\n\n", "creation_timestamp": "2024-12-17T20:41:33.726716+00:00", "timestamp": "2024-12-17T21:34:38.480165+00:00", "related_vulnerabilities": ["CVE-2024-38402", "CVE-2024-49848", "CVE-2024-21455", "CVE-2024-43047", "CVE-2024-33060"], "meta": [{"ref": ["https://googleprojectzero.blogspot.com/2024/12/qualcomm-dsp-driver-unexpectedly-excavating-exploit.html", "https://securitylab.amnesty.org/latest/2024/12/serbia-a-digital-prison-spyware-and-cellebrite-used-on-journalists-and-activists/", "https://github.com/AmnestyTech/investigations/tree/master/2024-12-16_serbia_novispy", "https://securitylab.amnesty.org/latest/2024/12/a-digital-prison-surveillance-and-the-suppression-of-civil-society-in-serbia/"]}], "author": {"login": "cedric", "name": "C\u00e9dric Bonhomme", "uuid": "af0120d0-3dac-4a6a-974b-a9f33d2a9846"}}