<- Back to the timetable

Pegasus internals

Max Bazaliy

Presentation Outline: 1. Introduction Introduction to the talk and the background of the speaker 2. Technical Analysis In the technical analysis section we will cover in-depth the three stages of this attack including the exploits and the payloads used at each stage. We will detail the obfuscation and encryption techniques the developers used to hide the payloads. We will also examine the 0-day vulnerabilities, called Trident, that we found, which allow for a remote jailbreak on the latest versions of iOS (up to 9.3.4) via Safari. * 0-days (responsibly disclosed to Apple) * Malware techniques * Obfuscation and encryption techniques The technical analysis will continue and detail the software that gets installed including what it was designed to collect, which includes texts, emails, chats, calendars, and voice calls from apps including Viber, WhatsApp, Skype, SMS, iMessage, Facebook, WeChat, Viber, WhatsApp, Telegram, Vkontakte, Odnoklassniki, Line, Mail.Ru Agent, Tango, Pegasus, Kakao Talk, and more. * Application Hooking * Use of SIP for exfiltration * Historical Analysis of jailbreaks We will detail how the jailbreak techniques used by this software have changed and adapted to the changing security mechanisms added to iOS over the years. 4. Summary and conclusions

Download Slides
PDF ZIP JSON
0:00:07 - 0:00:10
0:00:45 - 0:00:53
0:00:54 - 0:01:03
0:01:10 - 0:01:19
0:01:56 - 0:02:05
0:02:19 - 0:02:41
0:03:26 - 0:03:54
0:04:02 - 0:04:25
0:04:37 - 0:04:47
0:05:02 - 0:05:22
0:05:55 - 0:06:22
0:06:22 - 0:06:48
0:07:33 - 0:07:52
0:07:53 - 0:08:19
0:08:29 - 0:08:54
0:09:03 - 0:09:46
0:10:19 - 0:10:37
0:10:47 - 0:10:59
0:11:10 - 0:11:40
0:11:41 - 0:12:06
0:12:19 - 0:12:42
0:12:43 - 0:13:12
0:13:32 - 0:13:41
0:13:50 - 0:14:13
0:14:13 - 0:14:29
0:14:37 - 0:15:04
0:15:16 - 0:15:49
0:16:21 - 0:16:41
0:16:52 - 0:17:35
0:18:02 - 0:18:12
0:18:31 - 0:18:56
0:18:56 - 0:19:26
0:19:26 - 0:20:00
0:20:39 - 0:20:53
0:21:07 - 0:21:44
0:22:05 - 0:22:24
0:22:52 - 0:23:07
0:23:12 - 0:23:29
0:23:29 - 0:23:39
0:23:56 - 0:24:09
0:24:09 - 0:24:25
0:24:36 - 0:24:45
0:24:55 - 0:25:09
0:25:09 - 0:25:26
0:25:27 - 0:25:37
0:29:23 - 0:29:26
0:29:27 - 0:29:31
0:29:32 - 0:29:37