If you suspend your transcription on amara.org, please add a timestamp below to indicate how far you progressed! This will help others to resume your work!
Please do not press “publish” on amara.org to save your progress, use “save draft” instead. Only press “publish” when you're done with quality control.
Presentation Outline:
1. Introduction
Introduction to the talk and the background of the speaker
2. Technical Analysis
In the technical analysis section we will cover in-depth the three stages of this attack including the exploits and the payloads used at each stage. We will detail the obfuscation and encryption techniques the developers used to hide the payloads. We will also examine the 0-day vulnerabilities, called Trident, that we found, which allow for a remote jailbreak on the latest versions of iOS (up to 9.3.4) via Safari.
* 0-days (responsibly disclosed to Apple)
* Malware techniques
* Obfuscation and encryption techniques
The technical analysis will continue and detail the software that gets installed including what it was designed to collect, which includes texts, emails, chats, calendars, and voice calls from apps including Viber, WhatsApp, Skype, SMS, iMessage, Facebook, WeChat, Viber, WhatsApp, Telegram, Vkontakte, Odnoklassniki, Line, Mail.Ru Agent, Tango, Pegasus, Kakao Talk, and more.
* Application Hooking
* Use of SIP for exfiltration
* Historical Analysis of jailbreaks
We will detail how the jailbreak techniques used by this software have changed and adapted to the changing security mechanisms added to iOS over the years.
4. Summary and conclusions