Spyware attack attempts on mobile devices of members of civil society discovered

SHARE Foundation warns of the disastrous impact of misuse of technology against the critical public in Serbia

On October 30, two members of civil society from Belgrade received an alert from Apple that they were potential targets of state-sponsored technical attacks. Thanks to good cooperation with civil society organisations in Serbia, they contacted the SHARE Foundation immediately after receiving the warning and asked to check the allegations to determine if their devices were attacked by any known spyware.

After the SHARE Foundation team, in cooperation with Internews, received confirmation from Apple representatives that the alerts were authentic, mobile devices were analysed to determine whether they had traces of spyware infection, among which the most well-known are Pegasus and Predator. For the final confirmation, the SHARE Foundation team turned to international organisations Access Now and Amnesty International, which have high expertise in the field of digital forensics.

Based on the reviewed data, these two respectable organisations confirmed that traces of an attack attempt that took place on 16 August 2023 were found on both mobile devices. Both expert organisations came to the same findings – that in the initial phase the attack was attempted via a vulnerability in the iPhone’s HomeKit functionality. The Pegasus spyware has previously been linked to multiple exploits targeting HomeKit, including PWNYOURHOME.

The SHARE Foundation warns that spyware attacks on representatives of the critical public have a disastrous impact on democracy and human rights, especially in the pre-election period. The use of spyware is illegal and incompatible with democratic values.

We remind the public that these and similar tools for technical attacks on mobile devices are used by non-democratic regimes around the world to spy on members of the opposition, civil society, independent media, dissidents and other actors working in the public interest. Such activities threaten the freedom of expression and association, as well as the right to privacy and secrecy of communication guaranteed by domestic and international law.

The SHARE Foundation invites media and civil society representatives who may have received the same message from Apple to contact the foundation to verify the warning.

NOTE: In accordance with the wishes of the members of civil society who were the target of the attack, as well as with security measures, SHARE Foundation will not provide additional details about this incident.

NOTE 2: The part of the text related to device analysis and vulnerabilities that were targeted was amended on 29 November 2023 at 12:38 for precision.