Wednesday 28 September 2022, 16:00 - 16:30
Donncha Ó Cearbhaill (Amnesty International)
Bill Marczak (Citizen Lab)
It is well understood that devices can be compromised by visiting malicious websites: in 2021, 24 of the 57 zero-day exploits reported to be used in the wild targeted browsers such as Chrome and WebKit. Less well understood is the world of remote 'zero-click' attacks, pushed to and executed automatically on devices anywhere in the world, via cloud messaging services such as iMessage and WhatsApp.
While a few examples have come to light in recent years, there are still open questions about how common these attacks are and about how to detect them. Over the past two years, Amnesty International and Citizen Lab have forensically examined hundreds of devices, and have developed techniques to hunt for signs of compromise in phone logs.
Our results indicate that NSO Group, a company that sells mobile attack tools to governments, has successfully fielded zero-click zero-day exploits against every major version of iOS starting from iOS 10, up to and including iOS 14.
We explain how we were able to reconstruct a partial timeline of NSO Group's zero-click activity on iPhones through forensic analysis of compromised devices. We also provide some technical details about the attacks, based on analysis of indicators left behind, and discuss some of the challenges and limitations of this 'digital archaeology'.
Donncha Ó Cearbhaill
Donncha is a researcher and technologist at Amnesty International. Based out of the Amnesty International Security Lab in Berlin, his primary focus is on investigating and exposing targeted digital surveillance against activists and human rights defenders. Donncha has led on the Security Lab's investigation into Pegasus over the past four years, including as part of the Pegasus Project. He has previously presented at Virus Bulletin on a hacker-for-hire targeting activists in West Africa.
Bill Marczak is a senior researcher at the Citizen Lab at the University of Toronto's Munk School of Global Affairs. He was previously a postdoctoral researcher at UC Berkeley, where he received his Ph.D. in computer science. Bill's work focuses on novel technological threats to Internet freedom, including new censorship and surveillance tools. Coverage of his work has been featured in Vanity Fair, the New York Times, and on 60 Minutes.