Zero-Click HomeKit Exploit Used to Spy on Serbian Journalists
A new report by Amnesty International reveals that NSO Group’s Pegasus spyware was used to target iPhones belonging to Serbian journalists and activists. The attacks relied on a zero-click exploit delivered through Apple’s HomeKit service, meaning an attacker could attempt to compromise a device without the victim tapping a link, opening a message, or taking any other action.
The investigation began in October 2023, when two Serbian activists affiliated with prominent think tanks received Apple threat notifications warning that they had been targeted by state-sponsored attackers. Working with the Belgrade-based SHARE Foundation and Access Now, Amnesty International conducted forensic analyses of the victims’ iPhones.
Amnesty confirmed the devices were targeted with Pegasus spyware but noted difficulties in determining whether the targeting was fully successful. The attacks occurred within minutes of each other, originating from two attacker-controlled iCloud email addresses. Amnesty attributed these accounts to Pegasus infrastructure, consistent with prior findings on similar zero-click attacks: “The traces of spyware targeting through Apple’s HomeKit service closely resemble the attack techniques seen in other NSO Group Pegasus attacks observed by Amnesty International’s Security Lab.”
The organization identified additional victims in India, where similar traces of HomeKit exploitation were observed before the full Pegasus payload was delivered over iMessage in August 2023.
Amnesty International believes the attacks were carried out using a vulnerability in the HomeKit feature as the first stage of a multi-step zero-click chain: attacker-controlled iCloud accounts push HomeKit data to the target device, establishing a foothold that is then used to deliver the malicious content carrying the Pegasus payload over iMessage. Neither stage requires any interaction from the victim. Once installed, the spyware can collect personal data and monitor device activity.
The NSO Group sells Pegasus spyware to governments and law enforcement agencies. The company claims that the software is only used for legitimate purposes, such as investigating terrorism and organized crime. However, Amnesty International has repeatedly documented cases of Pegasus being used to target journalists, activists, and political dissidents.
The latest report highlights the serious security risks posed by spyware and the need for greater transparency and accountability in the sale and use of such tools. Amnesty International calls on Apple to take steps to address the vulnerability in HomeKit and to provide more information about the attacks.
While Apple has not publicly disclosed technical details of the HomeKit vulnerability, it is working to block the exploit. The company regularly issues security updates to address zero-day vulnerabilities, and users are strongly advised to keep their devices on the latest software version. Users at elevated risk, such as journalists and human rights defenders, can additionally enable Apple’s Lockdown Mode, which among other restrictions blocks incoming invitations and service requests from senders the user has not previously contacted; this reduces the attack surface exposed to zero-click chains of this kind but does not remove the underlying vulnerability.
This is not the first time Pegasus has been used to target journalists and activists. In 2021, a similar campaign was uncovered targeting journalists and human rights defenders in Mexico; those attacks likewise relied on a zero-click exploit, delivered through iMessage.
The use of spyware to target journalists and activists is a serious violation of human rights. It can have a chilling effect on freedom of expression and can put individuals at risk of harassment, intimidation, and even physical harm.