Pwnyourhome

Vulnerability updated 7 months ago (2024-05-04T17:17:54.803Z)
Download STIX
Preview STIX
The "PWNYOURHOME" vulnerability is a significant flaw in software design or implementation that was used against iPhones running iOS 15 and iOS 16 starting in October 2022. Identified by Citizen Lab, it is one of three zero-click exploits that were used to deploy the Pegasus spyware on target iPhones by NSO Group's clients. The vulnerability, which first targets the HomeKit process and then the iMessage service, is a novel two-step zero-click exploit. It was deployed as zero-days against iOS versions 15.5 and 15.6 (FINDMYPWN), and 16.0.3 (PWNYOURHOME). The attack process involved in PWNYOURHOME is similar to previous Pegasus attack vectors, as observed by both Citizen Lab and Amnesty’s Security Lab. Notably, the infection was conducted via a zero-click exploit, with forensic evidence suggesting moderate confidence that it was achieved through the PWNYOURHOME exploit targeting Apple's HomeKit and iMessage. However, neither Citizen Lab nor Access Now attributed the attack to any specific nation-state actor. Unfortunately, the NSO Group may have improved its exploit to avoid real-time warnings, although researchers have not seen PWNYOURHOME successfully used against any devices where Lockdown Mode is enabled. While Lockdown Mode does not provide protection for iOS 15, it did offer some protection against the PWNYOURHOME exploit, with device owners receiving real-time warnings when threat actors attempted to use the exploit. Despite the possibility of NSO Group devising a workaround for this real-time warning, no successful use of PWNYOURHOME has been observed on devices with Lockdown Mode enabled, according to Citizen Lab.
Description last updated: 2024-05-04T17:11:55.869Z
What's your take? (Question 1 of 5)
Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at. Create a free account to see the source evidence for each alias, and help fix any errors.
Alias DescriptionVotes
Findmypwn is a possible alias for Pwnyourhome. FINDMYPWN is a zero-click exploit that was used against iOS 15 starting from June 2022. This two-step vulnerability targets the iPhone's Find My feature and iMessage, allowing for unauthorized access and control of the device. It has been observed being deployed as zero-days against iOS versions 15.
3
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Exploit
Ios
NSO Group
Imessage
Spyware
Analyst Notes & Discussion
Be the first to leave your mark here! Log in to share your views and vote.
Associated Malware
To see the evidence that has resulted in these malware associations, create a free account
Alias DescriptionAssociation TypeVotes
The Pegasus Malware is associated with Pwnyourhome. Pegasus is a highly controversial and sophisticated malware, developed by Israel's NSO Group, designed to covertly monitor and extract data from iOS and Android smartphones. Once installed, Pegasus can intercept messages, emails, media, and passwords, and track location data, all while evading detecUnspecified
2
Source Document References
Information about the Pwnyourhome Vulnerability was read from the documents corpus below. This display is limited to 20 results, create a free account to see more