{
  "guid": "b563ba18-dcba-57a4-aec5-969ea621ec52",
  "id": 603,
  "date": "2024-12-28T13:30:00+01:00",
  "start": "13:30",
  "duration": "01:00",
  "room": "Saal GLITCH",
  "slug": "38c3-from-pegasus-to-predator-the-evolution-of-commercial-spyware-on-ios",
  "url": "https://events.ccc.de/congress/2024/hub/de/event/from-pegasus-to-predator-the-evolution-of-commercial-spyware-on-ios/",
  "title": "From Pegasus to Predator - The evolution of Commercial Spyware on iOS",
  "subtitle": null,
  "language": "en",
  "track": "Security",
  "type": "Talk",
  "abstract": "My talk explores the trajectory of iOS spyware from the initial discovery of Pegasus in 2016 to the latest cases in 2024.\r\n\r\nThe talk will start with an analysis how exploits, infection vectors and methods of commercial spyware on iOS have changed over time.\r\n\r\nThe second section of the talk is all about advances in detection methods and the forensic sources which are available to discover commercial spyware. This talk will also include a Case Study about the discovery and analysis of BlastPass (one of the latest NSO Exploits).\r\n\r\nThe third part will discuss technical challenges and limitations of the detections methods and data sources.\r\n\r\nFinally, I will conclude the talk with open research topics and suggestions what Apple or we could technically do to make the detection of commercial spyware better.",
  "description": "The commercial spyware landscape on iOS has evolved significantly since the discovery of Pegasus in 2016. In this talk, we\u2019ll explore that evolution through four main areas:\r\n\r\n1. Spyware Evolution (2016-2024): By analyzing key exploits, tactics, techniques, and procedures (TTPs), infection vectors, and indicators of compromise (IOCs), we\u2019ll trace how spyware has advanced in sophistication, highlighting changes that have led to today\u2019s complex threats.\r\n2. Advancements in Detection: As spyware has grown more sophisticated, so too have detection capabilities. We\u2019ll review the main actors, public organizations and tools that have shaped spyware detection. This part will also include a case study on my discovery and analysis of a sample NSO\u2018s BlastPass Exploit chain.\r\n3. Current and Future Challenges: Looking forward, we\u2019ll examine the pressing challenges in spyware detection and speculate on how commercial spyware might evolve in response to new security measures and technologies.\r\n4. Recommendations for Research and Detections: Finally, I\u2019ll offer recommendations for advancing research and detection methods and capabilities to combat commercial spyware.\r\n\r\nAttendees will gain a comprehensive view of the past, present, and future of spyware on iOS, along with actionable strategies for future research and collaboration.",
  "logo": null,
  "persons": [
    {
      "guid": "a92801b8-3b29-50f0-9e0a-97e19cf6fb12",
      "name": "Matthias Frielingsdorf",
      "public_name": "Matthias Frielingsdorf",
      "avatar": "https://fahrplan.events.ccc.de/congress/2024/fahrplan/media/avatars/IMG_7432_rT69hO2.jpeg",
      "biography": null,
      "url": "https://events.ccc.de/congress/2024/hub/de/user/speaker_a92801b8-3b29-50f0-9e0a-97e19cf6fb12/"
    }
  ],
  "links": [],
  "origin_url": "https://fahrplan.events.ccc.de/congress/2024/fahrplan/talk/CUFLJP/",
  "feedback_url": "https://fahrplan.events.ccc.de/congress/2024/fahrplan/talk/CUFLJP/feedback/"
}