European Lawmaker’s Smartphone Infected with Pegasus Spyware – Zero‑Click Exploit Used Twice
What Happened — The Citizen Lab confirmed that the iPhone of MEP Stelios Kouloglou was infected with NSO Group’s Pegasus spyware on Oct 21 2022 and again in early Mar 2023. The attacks leveraged the zero‑click “PWNYOURHOME” exploit that abused HomeKit and MessagesBlastDoorService before Apple issued patches in iOS 16.1 and iOS 16.3.1.
Why It Matters for Compliance & Audit Readiness
- A zero‑day, zero‑click compromise bypasses traditional credential‑based defenses, highlighting the need for SOC 2‑aligned access‑control policies that cover device‑level protections and continuous monitoring.
- Demonstrates that audit evidence must include endpoint‑security controls (e.g., mobile‑device‑management logs, patch‑management records) to prove due diligence in protecting sensitive personal and governmental data.
- Provides a real‑world case for the Security Awareness Training component of SOC 2, as targeted individuals often lack visibility into sophisticated, silent attacks.
Who Is Affected – Government & public‑sector officials, journalists, and any organization handling high‑value political or personal data.
Recommended Actions
- Map mobile‑device‑management (MDM) and patch‑management processes to SOC 2 CC6.1 (Logical Access) and CC6.2 (System Operations).
- Collect and retain MDM logs, iOS update records, and threat‑notification receipts as audit evidence.
- Strengthen security‑awareness programs to include nation‑state threat briefings and zero‑click exploit detection.
Source: DataBreachToday
Technical Notes – The PWNYOURHOME exploit delivered a malicious NSKeyedArchive to HomeKit, then leveraged MessagesBlastDoorService. Apple mitigated HomeKit in iOS 16.3.1 (Feb 13 2023) and likely fixed MessagesBlastDoorService in iOS 16.1 (Oct 24 2022). No CVE was publicly assigned at the time of reporting.
Source: Citizen Lab report (2026)