conference logo

Playlist "37C3: Unlocked"

Operation Triangulation

oct0xor, kucher1n and bzvr_

Imagine discovering a zero-click attack targeting Apple mobile devices of your colleagues and managing to capture all the stages of the attack. That’s exactly what happened to us! This led to the fixing of four zero-day vulnerabilities and discovering of a previously unknown and highly sophisticated spyware that had been around for years without anyone noticing. We call it Operation Triangulation. We've been teasing this story for almost six months, while thoroughly analyzing every stage of the attack. Now, for the first time, we're ready to tell you all about it. This is the story of the most sophisticated attack chain and spyware ever discovered by Kaspersky.

In this presentation, we will share:

* How we managed to discover and capture all stages of a zero-click attack on iOS, despite the attackers’ efforts to hide and protect it,
* a comprehensive analysis of the entire attack chain, which exploited five vulnerabilities, including four zero-days
* the capabilities of the malware that transforms your phone into the ultimate surveillance tool,
* and the links to previously known malware we were able to find.