Cyber-Attacks on Human Rights Activists via iOS 15 and 16
The exploits were carried out by the NSO Group, an organisation that provides global cyber security against terrorists and criminals. The NSO Group deployed its Pegasus spyware on Apple Inc.’s latest mobile operating systems, iOS 15 and 16.
As explained by Citizen Lab, one exploit called ‘Pwnyourhome’ carries out a two-step cyberattack. The first phase of the attack infiltrates a target's HomeKit settings on their Apple devices (HomeKit is also known as Apple Home, an application used to control smart-home appliances). ‘Pwnyourhome’ can then change the settings in HomeKit to allow PNG image downloads via Apple Inc.’s iMessage. The downloaded PNGs crash the key component of BlastDoor, an iOS feature used to block malware distribution through iMessage. The second phase of the attack begins the distribution of malware. The distributed malware carries out cyber attacks using ‘pointers’, which are basic units of data applications need to use for processing. To get around the iOS detection system, ‘Pwnyourhome’ repurposes already verified pointers for malicious purposes instead of creating new pointers for processing.
The second exploit found by Citizen Lab, called ‘Findmypwn’, uses a two-step attack similar to ‘Pwnyourhome’, but instead of exploiting the HomeKit application, the malware exploits the ‘Find My’ feature used to locate lost Apple devices. After deployment, a software module called ‘fmfd’ that powers the feature closes and relaunches, while phase two of the attack has iMessage download data in the background.
The third exploit discovered, named ‘Latentimage’, also uses the ‘fmfd’ system module exploit, but deploys NSO Group’s Pegasus spyware using a different method than ‘Findmypwn’.
“Targets we found in the 2022 target pool reported receiving notifications from Apple in November and December 2022, and March 2023,” Citizen Lab’s researchers detailed. “We highly encourage all at-risk users to enable Lockdown Mode on their Apple devices. While the feature comes with some usability cost, we believe that the cost may be outweighed by the increased cost incurred on attackers.”
Citizen Lab shared its findings with Apple in October last year and in January this year, and they have been patched out using Apple’s ‘Lockdown’ feature.
This is part of our cyber security awareness educational campaign. Through this training, you will learn awareness, key principles and best practices to protect yourself, your organisation and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.