Russia kept using Cellebrite gear to crack iPhones after Cellebrite said it had stopped selling to Russia.
Security researchers uncovered evidence that Russian authorities used a Cellebrite device to break into the iPhone of a political opponent. The finding is notable because Cellebrite — the Israeli company best known for selling phone-unlocking hardware to law enforcement — announced it would cut off Russia following the 2022 invasion of Ukraine. The researchers did not specify how Russian officials obtained the device, but the implication is clear: export bans and voluntary cutoffs do not guarantee tools stay out of banned hands.
The case illustrates a persistent blind spot in the sanctions-and-cutoff model: hardware, unlike a software subscription, does not phone home and does not expire. Once a device is in the field — whether purchased before a ban, acquired through a third country, or obtained via gray-market resale — the selling company has little practical control over how it is used. For dissidents and journalists operating anywhere near Russian jurisdiction, that is not a hypothetical.
Cellebrite has faced similar scrutiny before; researchers have previously documented its tools appearing in authoritarian states the company claimed were off-limits. The pattern suggests that public commitments to cut off repressive governments are, at best, a starting point — and, without verifiable enforcement mechanisms, closer to marketing.