
A security researcher has published proof-of-concept exploit code for an Android zero-day exploit chain developed by Cellebrite and used to unlock the device of a student activist in the country and attempt to install spyware.
Tracked as CVE-2024-53104, this flaw has been publicly exposed after being linked to an attempted spyware installation on the device of a student activist, according to a joint investigation by Amnesty International’s Security Lab and Google’s Threat Analysis Group (TAG).
The exploit, attributed to Cellebrite, an Israeli digital forensics company known for its phone-unlocking tools, was part of a sophisticated attack chain used to extract sensitive data from locked Android devices. The company’s tools are frequently used by law enforcement and intelligence agencies around the world, but this latest case raises troubling ethical concerns.
CVE-2024-53104 is a high-severity privilege escalation flaw in the USB Video Class (UVC) driver of the Android kernel. The vulnerability stems from how the uvc_parse_format function handles undefined video stream frames (specifically the UVC_VS_UNDEFINED type). A miscalculation in the frame buffer size opens the door for out-of-bounds writes, allowing attackers to perform arbitrary code execution or trigger denial-of-service conditions.
The attack is considered low complexity and requires only local access, making it ideal for on-device manipulation during forensic analysis or post-seizure data extraction.
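For defenders triaging USB devices or captured descriptor dumps, the check below is an added example (not code from the article, the kernel patch, or the published PoC). It walks a raw USB configuration descriptor and counts class-specific VideoStreaming descriptors whose subtype is UVC_VS_UNDEFINED. The function name and sample bytes are constructed for illustration, and treating any such descriptor as an anomaly is an assumption of this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define USB_DT_INTERFACE     0x04  /* standard interface descriptor */
#define USB_DT_CS_INTERFACE  0x24  /* class-specific interface descriptor */
#define USB_CLASS_VIDEO      0x0E
#define SC_VIDEOSTREAMING    0x02
#define UVC_VS_UNDEFINED     0x00

/* Walk a raw USB configuration descriptor and count class-specific
 * VideoStreaming descriptors whose subtype is UVC_VS_UNDEFINED.
 * Returns -1 if the descriptor chain itself is malformed. */
int count_undefined_vs(const uint8_t *buf, size_t len)
{
    int in_vs = 0, hits = 0;
    size_t off = 0;

    while (off < len) {
        if (len - off < 2)
            return -1;                 /* truncated descriptor header */
        uint8_t blen = buf[off], btype = buf[off + 1];
        if (blen < 2 || blen > len - off)
            return -1;                 /* bLength disagrees with the buffer */

        if (btype == USB_DT_INTERFACE) {
            /* bInterfaceClass is at offset 5, bInterfaceSubClass at 6 */
            in_vs = blen >= 9 && buf[off + 5] == USB_CLASS_VIDEO &&
                    buf[off + 6] == SC_VIDEOSTREAMING;
        } else if (in_vs && btype == USB_DT_CS_INTERFACE && blen >= 3 &&
                   buf[off + 2] == UVC_VS_UNDEFINED) {
            hits++;                    /* subtype byte is 0x00 */
        }
        off += blen;
    }
    return hits;
}

/* Constructed sample: one VideoStreaming interface followed by a
 * class-specific descriptor carrying the undefined subtype. */
static const uint8_t sample_flagged[] = {
    0x09, 0x04, 0x01, 0x00, 0x01, 0x0E, 0x02, 0x00, 0x00,
    0x03, 0x24, 0x00,
};

int main(void)
{
    printf("undefined VS descriptors: %d\n",
           count_undefined_vs(sample_flagged, sizeof sample_flagged));
    return 0;
}
```

A non-zero count marks a device for closer inspection and is not by itself evidence of exploitation; a return of -1 means the descriptor chain was malformed and should be treated as suspect in its own right.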
Google TAG’s deeper inspection unveiled a trio of zero-day vulnerabilities abused in tandem within Cellebrite’s exploit chain:
- CVE-2024-53104 – USB Video Class exploit (Privilege Escalation)
- CVE-2024-53197 – ALSA USB-sound driver flaw
- CVE-2024-50302 – USB HID device vulnerability
These bugs, all within Linux kernel USB subsystems leveraged by Android, were marked as “under limited, targeted exploitation” in Google’s February 2025 Android security bulletin.
While Cellebrite markets its tools as instruments for lawful investigations, this incident blurs the lines between legitimate digital forensics and invasive surveillance. The exploit was allegedly used against a student activist.
Security researcher Zhuowei has published a proof-of-concept (PoC) for the CVE-2024-53104 vulnerability on GitHub, confirming the feasibility of the exploit and raising community awareness.
The Android security update for February 2025 includes the patch for CVE-2024-53104, and users are urged to apply the latest updates immediately. Device manufacturers and vendors relying on downstream Android kernels must also integrate and push these critical security fixes.