Mobile Espionage in the Wild: Pegasus and Nation-State Level Attacks

Presented at Black Hat Europe 2016, Nov. 3, 2016, 12:30 p.m. (60 minutes)

This briefing will take an in-depth look at the technical capabilities of mobile attacks that are being leveraged against real targets for the purpose of espionage. We will focus on Pegasus, a lawful intercept product, and the features and exploit chain it used. We will describe how we discovered and tracked the developer's infrastructure prior to the attack, and how we later caught a sample of the elusive malcode being used against a prominent human rights defender. This spyware is professionally developed and highly advanced in its use of 0days, obfuscation, encryption, function hooking, and ability to go unnoticed. We will detail the technical features of the exploit chain, including the analysis of various 0day vulnerabilities that the toolkit was using. We will also look in-depth at how this espionage software utilizes remote jailbreaks and backdoors to embed itself into the device. You will learn all of the technical details about this attack and also how to take steps to defend yourself against similar attacks. You will also gain valuable insight into how researchers identify and track sophisticated, nation-state level malware that targets high risk groups (e.g. human rights organizations, corporations, etc.).

Presenters:

  • Andrew Blaich - Manager - Vulnerability Research, Lookout
    Andrew Blaich is the Manager of Vulnerability Research at Lookout, where he is focused on mobile threat hunting and vulnerability research. Prior to Lookout, Andrew was the Lead Security Analyst at Bluebox Security. He holds a PhD in computer science and engineering from the University of Notre Dame, with a focus on enterprise security and wireless networking. In the past Andrew has worked at both Samsung and Qualcomm Research. Andrew has presented at conferences including RSA, Interop, and SANS DFIR. In his free time he loves to research the security of IoT devices.
  • Seth Hardy - Staff Security Researcher, Lookout
    Seth Hardy is a Staff Security Researcher on the Research and Response team at Lookout, where he works to detect and prevent mobile threats. Previous work includes research on targeted threats against human rights organizations as part of the Citizen Lab, where he continues to be on the technical advisory group. He has worked extensively on analysis of document-based malware and AV evasion methods, and his other areas of experience include provably secure cryptography, random number generators, and network vulnerability research.
  • Max Bazaliy - Staff Security Researcher, Lookout
    Max Bazaliy is a Staff Security Engineer at Lookout who has more than ten years of experience in areas such as mobile security, security protocol design and analysis, mobile security research, development of tools and techniques for vulnerability assessment and post-exploitation, reverse engineering of mobile/desktop platforms, and penetration testing. Prior to joining Lookout, Max worked on code obfuscation and software protection solutions, as well as penetration testing of commercial software protection products. In the past few years, Max has spoken at various security and engineering conferences, including DEF CON, UIKonf, Mobile Optimized, Mobile Central Europe, Mobius and UAMobile. Max holds a Masters degree in Computer Science and is currently a PhD student at the National Technical University of Ukraine "Kyiv Polytechnic Institute", where he is working on a dissertation in the area of code obfuscation and privacy.
