Journalists Targeted in HomeKit-Linked iPhone Spyware Hack

A new spyware attack targeting Serbian journalists and activists has been linked to a vulnerability in Apple’s HomeKit platform. According to Amnesty International, attackers exploited the flaw to compromise iPhones without user interaction.
Victims were alerted by Apple, prompting an investigation that confirmed the devices had been infected with NSO Group’s Pegasus spyware.
Pegasus is infamous for using zero-day vulnerabilities—flaws unknown to software makers—to infiltrate devices. Simply receiving a specially crafted iMessage can trigger an infection, giving attackers access to messages, emails, photos, and more.
The attackers reportedly used iCloud accounts to deliver spyware through HomeKit, making it difficult to detect or prevent. Similar tactics were also observed in India, where other iPhone users were targeted using the same HomeKit exploit.
Apple has not revealed specific details of the HomeKit flaw, likely because it is still working to patch the issue. For now, users remain vulnerable to these types of attacks unless they take additional precautions.

Android Devices Also Targeted

The attack was not limited to iPhones. Android users were also targeted using a different approach. Serbian authorities reportedly used Cellebrite, a forensic tool, to unlock Android phones seized during traffic stops or interviews.
Once unlocked, spyware known as NoviSpy was installed. Unlike Pegasus, which operates globally, NoviSpy appears to be a locally developed spyware tool tailored for use within Serbia.
This method highlights the risks posed by physical access to devices, as police were able to gain control of phones in person. Once inside, attackers could access private communications, encrypted chat apps, and contact lists.

How to Stay Protected from Spyware Attacks

Apple has taken steps to counter these types of spyware attacks, including introducing Lockdown Mode in iOS. This security feature disables certain device functions that are frequently exploited in spyware attacks, like message attachments and FaceTime calls from unknown contacts. Users at high risk, such as journalists and activists, are encouraged to enable Lockdown Mode for an added layer of protection.
For Android users, securing devices with strong passwords, biometric locks, and encryption can reduce the risk of Cellebrite-based attacks. Regularly updating devices is also critical, as new patches often address vulnerabilities like those used in these attacks.
These attacks on both iOS and Android devices highlight the growing threat of spyware. With tools like Pegasus, NoviSpy, and Cellebrite being used by governments and state actors, privacy advocates emphasize the importance of vigilance and the adoption of stronger security measures.