MOBILE ESPIONAGE IN THE WILD: PEGASUS AND NATION-STATE LEVEL ATTACKS presented at BlackHatEU 2016

by Seth Hardy, Andrew Blaich, Max Bazaliy

Summary: This briefing will take an in-depth look at the technical capabilities of mobile attacks that are being leveraged against real targets for the purpose of espionage. We will focus on Pegasus, a lawful intercept product, and the features and exploit chain it used. We will describe how we discovered and tracked the developer's infrastructure prior to the attack, and how we later caught a sample of the elusive malcode being used against a prominent human rights defender. This spyware is professionally developed and highly advanced in its use of 0days, obfuscation, encryption, function hooking, and its ability to go unnoticed. We will detail the technical features of the exploit chain, including the analysis of the various 0day vulnerabilities that the toolkit was using. We will also look in depth at how this espionage software utilizes remote jailbreaks and backdoors to embed itself into the device. You will learn the technical details of this attack and also how to take steps to defend yourself against similar attacks. You will also gain valuable insight into how researchers identify and track sophisticated, nation-state level malware that targets high-risk groups (e.g. human rights organizations, corporations, etc.).