A deep dive into iPhone exploit chains

Thursday 3 October 16:00 - 16:30, Small talks

John Bambenek (University of Illinois at Urbana-Champaign)

Recent research by Google Project Zero and Volexity showed sophisticated attacks against both Android and iPhone devices that were targeted at Uighur Muslims. This talk will cover both sets of exploits that led to the installation of malware on the devices and the evolution of how the attacks adjusted their techniques to compromise iPhone devices.

The malware that was installed had a variety of functions but in particular its ability to extract decrypted messages from encrypted chat applications will be discussed and how this particular weakness (the messages being unencrypted on the device) will continue to be exploited in the future.

Finally, details of the campaign and its breadth will be examined. The operation targeted an ethnic and religious minority in China and abroad by compromising websites known to be viewed by that community. Details of both the attack and the targeting suggest it was backed by the government of China, which will continue to use such techniques in the future.




John Bambenek

John Bambenek is a Ph.D. student at the University of Illinois, VP of Security Research and Intelligence at ThreatSTOP, and a handler with the SANS Internet Storm Center. He has over 20 years of experience in information security and leads several international investigative efforts tracking cybercriminals – some of which have led to high-profile arrests and legal action. He currently tracks neonazi fundraising via cryptocurrency and publishes his research online to Twitter and has other monitoring solutions for cryptocurrency activity. He specializes in disruptive activities designed to greatly diminish the effectiveness of online criminal operations. He has produced some of the largest bodies of open-source intelligence, used by thousands of entities across the world.

   Download slides    Watch video

Back to VB2019 Programme page

Other VB2019 papers

Attribution is in the object: using RTF object dimensions to track APT phishing weaponizers

Michael Raggi (Proofpoint)
Ghareeb Saad (Anomali)

Keynote address: Tales from the NCSC: the daily battle to defend a country in cyberspace

Paul Chichester (National Cyber Security Centre, UK)

Panel: Bursting the myths about threat intelligence sharing

Kathi Whitbey (Palo Alto Networks)
Jeannette Jarvis (Fortinet)
Dan Saunders (NTT)
John Fokker (McAfee)

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.