In June 2021, Russian authorities utilized Cellebrite’s Universal Forensic Extraction Device (UFED) to access the iPhone of detained opposition activist Andrey Pivovarov. This occurred three months after Cellebrite announced it would cease sales and services to Russia and Belarus.
Pivovarov, who led the opposition group Open Russia, was apprehended on May 31, 2021, at St. Petersburg airport. His iPhone 12 and MacBook were confiscated during the arrest. Although he provided neither consent nor passwords, his devices remained in custody until 2023. In July 2022, he received a four-year sentence but was released in August 2024 as part of a prisoner exchange.
Upon regaining possession of his iPhone, Pivovarov collaborated with Citizen Lab researchers in late 2025. Their analysis revealed that on June 17, 2021, the device connected to a host identified as a Cellebrite system. This connection was corroborated by a Russian forensic report, which explicitly mentioned the use of Cellebrite’s UFED Physical Analyzer and UFED 4PC to extract data from messaging apps like WhatsApp, Telegram, and Viber. Investigators searched for information related to Open Russia and prominent opposition figures.
Notably, the authorities failed to access Pivovarov’s MacBook due to encryption barriers, as indicated by unsuccessful login attempts recorded on the same date.
Cellebrite had declared in March 2021 that it would halt sales to Russia and Belarus. However, existing hardware remained operational, allowing Russian agencies to continue using the tools. The company stated that any post-March 2021 use of its products in Russia was unauthorized and unsupported. It emphasized that its shift to subscription-based licenses aims to prevent such unauthorized usage in the future.
This incident underscores the challenges in controlling the use of forensic tools once they are distributed. Even after sales are discontinued, existing devices can still be used, raising concerns about potential misuse in politically motivated investigations. It highlights the need for stricter controls and oversight in the distribution and use of digital forensic technologies.