HomeKit exploit used for spyware attacks on iPhones, says Amnesty International

Amnesty International said Safety vulnerability home kit used to target iPhone Belongs to Serbian journalists and activists.

Civil rights groups subsequently launched an investigation apple Notified two victims that their devices had been hacked Pegasus Spyware…

Apple detects NSO’s Pegasus attack

NSO Group produces spyware called Pegasus, which is sold to governments and law enforcement agencies. The company purchased so-called zero-day exploits (vulnerabilities unknown to Apple) from hackers and its software is said to be able to install zero-click vulnerabilities – targets that require no user interaction.

In particular, it has been reported that simply receiving a specific iMessage (without opening it or interacting with it in any way) can lead to a compromised iPhone, thereby exposing personal data.

iOS will now proactively scan iPhones for signs of Pegasus attacks, and Apple sends alert to its owners.

Amnesty International confirms hack

Amnesty International says Two of the original victims followed Apple’s advice to seek help and were able to confirm the attacks.

Two activists with ties to a prominent Serbian think tank received personal notifications from Apple that their devices may have been subject to a “state-sponsored attack.” [They then] The Belgrade-based SHARE Foundation, in partnership with Amnesty International and Access Now, was contacted to conduct separate forensic analysis of the iPhones of the two notified individuals. […]

Amnesty International has now identified the two men through technical and forensic research
It is indeed the target of NSO Group’s Pegasus spyware.

More victims were later identified.

HomeKit was hacked to facilitate attacks

Amnesty International discovered that an apparent HomeKit vulnerability was exploited to carry out the attack.

The goal of the two devices was to gain access to each other’s minutes via two different iCloud email addresses controlled by the attacker. Amnesty International attributed the two email accounts to the Pegasus spyware system. Amnesty International regularly discovers similar iCloud accounts used to deliver zero-click Pegasus attacks to target devices via iMessage […]

The spyware traces targeted through the Apple HomeKit service are very similar to attack techniques found in other NSO Group Pegasus attacks observed by Amnesty International’s Security Lab during the same period.

Security Lab confirmed that another group of individuals in India who were notified by Apple in the same round of notifications were indeed targeted by Pegasus, a unit of NSO Group, in August 2023. traces of use.

Details of the HomeKit vulnerability have not yet been disclosed, possibly because Apple is still blocking the vulnerability.

Android phones are also affected

Android smartphones were also compromised in the attack. Additionally, Cellebrite technology was used to install surveillance software on victims’ locked devices after they went to police to report a crime – most likely by government employees to gain access to police stations.

This particular route relies on an Android vulnerability and therefore cannot be used against the iPhone.

through 404 media. photography: Patrick Campanale exist Not splashed.