A new case revealed by Amnesty International indicates that a security flaw in HomeKit allowed Pegasus spyware to infiltrate the iPhones of two Serbian activists. Pegasus represents a real headache for Apple.
Pegasus: again and again!
Even though Apple is one of the most secure technology platforms in the world, it remains vulnerable to malicious actions by certain criminal networks. As such, Apple has been pursuing NSO Group and its Pegasus spyware for more than three years, a formidable surveillance tool.
NSO Group develops Pegasus, spyware for government agencies and law enforcement. To design these tools, the company acquires so-called “zero-day” vulnerabilities, still unknown to companies like Apple. Pegasus can exploit “zero click” vulnerabilities, where the target has no action to take. For example, a simple malicious iMessage can be enough to compromise an iPhone, allowing access to the user’s personal data without the user needing to open or interact with the message.
Amnesty International warns Apple
Amnesty International revealed that a security flaw in HomeKit allowed attacks via Pegasus spyware. This type of attack without user interaction, known as “zero-click”, targeted journalists and activists in Serbia using malicious iMessages sent from iCloud addresses. For security reasons, no precise details have been communicated.
Apple does not intend to remain passive and has set up an alert system to warn iOS users when a Pegasus infection is detected. This initiative represents a major asset in the fight against computer espionage, a real scourge of our time.
Two activists associated with prominent think tanks in Serbia received individual notifications from Apple regarding a possible “state-sponsored attack” targeting their devices.
They then contacted the Belgrade-based SHARE Foundation which worked with Amnesty International and Access Now to conduct separate forensic analyzes of the iPhones of the two notified individuals.
Technical and forensic research allows Amnesty International to confirm that the two individuals
were indeed targeted by NSO Group’s Pegasus spyware.
This case illustrates the growing risks linked to the vulnerabilities of connected ecosystems, despite the efforts made by Apple to secure its products. This highlights the importance of systematically updating your iPhone to the latest version available. This recommendation also applies to Android users, as Google’s platform has also been affected by this situation.
