What Happened
Russian authorities used Cellebrite's UFED forensic tools to break into the iPhone of detained opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite said it would stop selling its tools and services to Russia and Belarus. The finding, published June 25 by the Citizen Lab, rests on two things that rarely line up: traces on the phone itself and an official Russian
Why It Matters
According to Citizen Lab and multiple reports, Russian authorities used Cellebrite's UFED forensic tools to access the iPhone of jailed opposition activist Andrey Pivovarov in June 2021, three months after Cellebrite publicly stated it had stopped sales and services to Russia and Belarus.[1][2][7] The incident shows that a vendor cutoff is a commercial decision, not a technical revocation: hardware, licences and extraction software already in an agency's hands keep working, so state actors can continue to use them after official access ends, which undermines the assurance value of vendor policy statements and export controls.[3][5]

From a CyberSE.AI perspective, this is a third-party tooling supply chain risk that applies equally to AI-powered forensics and analytics: organizations cannot rely on vendor policy statements alone to manage misuse, and must treat any investigative or analytical tool as persistent and largely uncontrollable once distributed. Security programs should therefore pair supply chain governance with contractual controls, usage monitoring, and SBOM-style asset tracking, so they know where sensitive tooling is deployed, how it could be repurposed, and what obligations arise if it ends up in a hostile or high-risk jurisdiction.
CyberSE Analysis
This signal maps to AI supply chain, with the Cellebrite case as the non-AI precedent: a capability that outlives the vendor relationship. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could create unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure in their own estate.
Recommended Actions
- Inventory every third-party forensic, analytics and AI tool in use, SBOM-style: vendor, product, version, licence terms, where it is deployed and who can run it.
- Restrict AI agent tool permissions and production write paths, and log every tool invocation so continued use after a vendor cutoff is observable rather than assumed impossible.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Verify that a vendor cutoff is enforced technically (licence expiry, update channel, whether the tool still runs offline) and not only contractually; write the expected behaviour into the contract.
- Run prompt injection and indirect prompt injection tests against affected workflows, particularly any agent that can reach investigative or analytics tooling.
- Document the owner, control gap, and remediation deadline for this risk class.
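The asset-tracking and usage-monitoring items above reduce to one concrete check: compare each deployment's observed use and licence validity against the vendor's cutoff date for that jurisdiction. The script below is an added example, not code from the original page, Citizen Lab or Cellebrite; the inventory rows, the `CUTOFFS` table, the field names and the `post_cutoff_findings` function are all constructed for illustration, and the Cellebrite cutoff date only mirrors the page's "three months before June 2021" timeline rather than a verified announcement date.

```python
"""Flag third-party tooling that is still usable, or still used, after a
vendor cutoff.

Added example, not code from the original page, Citizen Lab or Cellebrite.
All records, dates and field names are constructed; a real check would read
the asset register and tool/licence-server logs instead.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class ToolDeployment:
    asset_id: str
    vendor: str
    product: str
    jurisdiction: str      # constructed ISO country code of the operating entity
    licence_expiry: date   # when the installed licence stops working
    last_seen_use: date    # latest run recorded by usage monitoring


# Constructed cutoffs: vendor -> {jurisdiction: date sales and support ended}.
# The Cellebrite entry mirrors the page's timeline (use in June 2021, three
# months after the announced stop); it is not a verified announcement date.
CUTOFFS = {
    "Cellebrite": {"RU": date(2021, 3, 1), "BY": date(2021, 3, 1)},
}

# Constructed inventory: one post-cutoff use, one live licence, two clean rows.
INVENTORY = [
    ToolDeployment("RU-001", "Cellebrite", "UFED", "RU",
                   date(2022, 1, 31), date(2021, 6, 15)),
    ToolDeployment("RU-002", "Cellebrite", "UFED", "RU",
                   date(2021, 12, 31), date(2021, 2, 20)),
    ToolDeployment("RU-003", "Cellebrite", "UFED", "RU",
                   date(2021, 2, 28), date(2021, 2, 10)),
    ToolDeployment("US-001", "Cellebrite", "UFED", "US",
                   date(2022, 6, 30), date(2021, 6, 20)),
]


def post_cutoff_findings(inventory, cutoffs):
    """Return one finding per deployment that contradicts a vendor cutoff.

    kind "used_after_cutoff": monitoring shows a run after the cutoff date;
    this is the Pivovarov pattern and the higher-severity case.
    kind "licence_outlives_cutoff": no post-cutoff run seen yet, but the
    installed licence is still valid, so the cutoff is only contractual.
    """
    findings = []
    for d in inventory:
        cutoff = cutoffs.get(d.vendor, {}).get(d.jurisdiction)
        if cutoff is None:
            continue  # no restriction applies to this vendor/jurisdiction
        if d.last_seen_use > cutoff:
            findings.append({"asset_id": d.asset_id,
                             "kind": "used_after_cutoff",
                             "days_past_cutoff": (d.last_seen_use - cutoff).days})
        elif d.licence_expiry > cutoff:
            findings.append({"asset_id": d.asset_id,
                             "kind": "licence_outlives_cutoff",
                             "days_past_cutoff": (d.licence_expiry - cutoff).days})
    return findings


if __name__ == "__main__":
    for f in post_cutoff_findings(INVENTORY, CUTOFFS):
        print(f"{f['asset_id']}: {f['kind']} (+{f['days_past_cutoff']} days)")
```

The two finding kinds are deliberately separate: a licence that outlives the cutoff is the condition that made the Pivovarov case possible, and it is visible in the asset register before any post-cutoff use is ever logged, so it is the cheaper signal to act on.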
Source
https://thehackernews.com/2026/06/russia-used-cellebrite-on-jailed.html