Russian journalist targeted with spyware through iPhone exploit without any user interaction

Cupertino, September 14, 2023

A recent report revealed that Galina Timchenko, an award-winning Russian journalist, had Pegasus spyware installed on her iPhone. This incident brings to light the various methods government and law enforcement agencies use to deliver this intrusive surveillance tool to target devices. Timchenko, an exiled investigative journalist and co-founder of the news site Meduza, received a threat notification from Apple in June, warning her about a state-sponsored attack on her device. Apple has introduced spyware threat notifications to assist users who are individually targeted due to their activities.

In order to understand the alarm, Meduza's technical director reached out to Citizen Lab, a renowned research group at the University of Toronto specializing in digital espionage investigations. Citizen Lab researchers examined artifacts from Timchenko's phone and quickly determined that Pegasus had been installed on her device in February. Citizen Lab, in collaboration with nonprofit organization Access Now, conducted an investigation into the incident and released two separate reports on the matter. They believe that the infection could have persisted for several days to weeks after the initial exploitation. The infection was achieved through a zero-click exploit called PWNYOURHOME, targeting Apple's HomeKit and iMessage. However, the attack was not attributed to a specific nation-state actor.

Citizen Lab previously discovered two other zero-click exploits, FIDMYPWN and LatentImage, used by NSO Group customers to install Pegasus on iPhones in 2022. These exploits target the Find My feature and HomeKit, respectively. There has been a surge in iOS exploits and vulnerabilities targeting iPhone users. Citizen Lab recently found a threat, known as Blastpass, that exploited two no-click zero-day vulnerabilities in the latest version of iOS. They urged users to update their devices immediately.

This incident demonstrates that adversaries have multiple ways to exploit vulnerabilities in the iOS environment and install spyware on targeted devices. In Timchenko's case, the spyware provided the attacker with complete access to her iPhone, including passwords, correspondence, personal information of Meduza staff, and even the identities of individuals collaborating with the news site.

Pegasus, developed by Israeli company NSO Group, is a controversial surveillance tool used by government agencies and law enforcement authorities. It allows customers to extract various types of data from mobile devices, such as messages, emails, media files, passwords, and precise location information. The spyware uses advanced techniques to avoid detection by antivirus and threat detection tools. NSO Group claims to sell Pegasus exclusively to authorized agencies for legitimate purposes, but critics argue that it enables governments, particularly those with poor human rights records, to spy on journalists, activists, and political opponents. In 2021, a leaked database revealed that NSO Group clients had selected over 50,000 phone numbers for surveillance, including those of journalists and human rights activists.

According to a senior researcher at Citizen Lab, NSO customers typically spend large sums of money for access to Pegasus, possibly reaching tens of millions of dollars.

Best selling & Top trending HomeKit product in our shop at this moment

HomeKit.Blog is in no way affiliated with or endorsed by Apple Inc. or Apple related subsidiaries.

All images, videos and logos are the copyright of the respective rights holders, and this website does not claim ownership or copyright of the aforementioned.

All information about products mentioned on this site has been collected in good faith. However, the information relating to them, may not be 100% accurate, as we only rely on the information we are able to gather from the companies themselves or the resellers who stock these products, and therefore cannot be held responsible for any inaccuracies arising from the aforementioned sources, or any subsequent changes that are made that we have not been made aware of.

HomeKit.Blog Is A Participant In The Amazon Services LLC Associates Program, An Affiliate Advertising Program Designed To Provide A Means For Sites To Earn Advertising Fees By Advertising And Linking To Amazon Store (, Or,,, Or

The opinions expressed on this website by our contributors do not necessarily represent the views of the website owners. 

Copyright © 2022 HomeKit Blog
. All rights reserved
United States