Malware
1 Facebook x.com Reddit BlueSky
Apple's HomeKit is under scrutiny as Serbian authorities suspect it of using it to install Pegasus spyware without any user interactions.
According to Amnesty International, two tools are at the center of the spyware campaign — the infamous Pegasus spyware and a local system called NoviSpy. Pegasus, created by Israel’s NSO Group, is a powerful tool.
While Serbia’s use of spyware has recently gained attention, Pegasus has been deployed around the world. Governments and organizations around the world have used it to target journalists, human rights defenders, and opposition leaders.
How the Spyware Works
Pegasus, created by Israel’s NSO Group, uses zero-day vulnerabilities that are unknown to software makers to surreptitiously infect devices. Once installed, it can scrape messages, emails, photos, and media files, and turn your phone into a surveillance tool.
The attack reportedly does not require any user interaction, such as clicking on a link, to begin.
NoviSpy works similarly, but appears to be tailored for Serbia. Unlike Pegasus, which has a global reach, NoviSpy was reportedly installed during physical seizures of devices during police traffic stops or during “informational interviews.”
While Cellebrite sells its tools for forensic purposes, they can be misused by state actors to unlock phones, bypassing security measures and allowing spyware to be installed.
Targeting Serbs
One journalist, Slavisa Milanov, noticed his phone was behaving strangely after leaving it at a police station for just a few minutes. Analysis revealed that not only had his phone been unlocked with Cellebrite, but NoviSpy had also been installed at the time.
NSO Group
These tools allow authorities to map personal networks, monitor encrypted chats on apps like Signal, and gather intelligence on protests or activism efforts.
For activists and journalists, the implications have been alarming. One activist said he now only meets with sources in public places and avoids using his phone altogether. Another said he questioned his entire role in civil society after learning he had been hacked.
Apple Vulnerabilities
Authorities may have exploited vulnerabilities in Apple’s HomeKit system to deliver spyware. HomeKit, Apple’s smart home platform, uses secure protocols to communicate with devices, but attackers can exploit the vulnerabilities through malicious invitations or network manipulation.
Apple’s iMessage remains a common target for zero-day exploits, primarily due to its widespread use and extensive functionality. Pegasus often uses these vulnerabilities to remotely install spyware. While HomeKit exploits appear less common, the report suggests they provide another entry point for attackers.
Tools like Pegasus have been used around the world to target journalists, human rights activists, and opposition leaders. Apple has responded by introducing features like lockdown mode that aim to protect users from these sophisticated attacks.
However, as the report points out, spyware developers are constantly finding new ways to exploit vulnerabilities, sometimes even in Apple systems like HomeKit.
This Isn't a New Case for Apple
Apple has taken a multi-faceted approach to combating spyware like Pegasus, combining legal and technical efforts. In 2021, Apple sued NSO Group for its role in deploying the Pegasus spyware, seeking to block its access to Apple devices and services.
The company successfully retained its ongoing case in the US after a judge denied NSO's motion to move the trial to Israel. In iOS 16, Apple introduced Blocking Mode to limit high-risk attack surfaces.
However, Pegasus continued to evolve in 2023, releasing three new zero-click exploits targeting iPhones.
Apple has beefed up its security by hiring engineers in Paris to identify vulnerabilities before attackers can exploit them. But spyware developers persist, highlighting the ongoing challenge of protecting devices from sophisticated threats.
How Users Can Protect Themselves
Journalists, activists, and others concerned about spyware can take simple steps to reduce their risk. Enabling Lockdown Mode in iOS provides an extra layer of protection for those facing elevated threats.
Lockdown Mode, an advanced security feature of iOS, protects high-risk users from targeted spyware attacks. It limits device functionality that could be exploited by attackers, such as blocking message attachments, disabling link previews, and restricting incoming FaceTime calls from unknown contacts.
To enable Lockdown Mode on your iPhone or iPad, open the Settings app, go to Privacy & Security, and scroll down to select Lockdown Mode. Tap Turn on Lockdown Mode, read the explanation, and confirm by selecting Turn on & Restart.
Your device will reboot with Lockdown Mode enabled, limiting certain features to improve security. You can turn it off at any time by following the same steps.
Next, using strong, frequently updated passwords and enabling two-factor authentication can help protect devices from unauthorized access. It's also important to be cautious when receiving unexpected HomeKit invitations or suspicious messages, as these entry points can be exploited by attackers.
Apple's reputation for privacy remains strong, but these recent incidents show that no system is completely impenetrable.
Follow AppleInsider on Google News
