On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Christine Fossaceca, Laurie Kirk, and Apurva Kumar. Today's discussion concerns a recent release from the Chaos Computer Congress, where researchers discovered and analyzed a zero-click attack on iPhones. The attack involves four zero-day vulnerabilities in iOS, requiring a malicious iMessage, a hardware bug, and a Safari exploit. The spyware discovered was specifically targeting security researchers. Sherrod, Christine, Laurie, and Apurva explore the significance of this attack, its implications for mobile security, the concept of zero-click attacks becoming more prevalent on mobile devices, and the importance of researchers being vigilant about their security.  

In this episode you’ll learn:      

• Why you should consider the threat landscape when traveling internationally 
• The technical and strategic aspects of mobile threat intelligence 
• Prevalence of spyware on both Android and iOS platforms 

Some questions we ask:     

• How can attackers disguise Trojans to harvest personal details? 
• What are the communication vehicles that you're seeing phishing come from? 
• How do I know if I have malware on my phone?  

Resources:  

Follow Christine on Twitter @x71n3 & @herhaxpodcast  

View Laurie Kirk on LinkedIn  

View Apurva Kumar on LinkedIn  

View Sherrod DeGrippo on LinkedIn  

DEV-0196: QuaDream’s “KingsPawn” malware targets Europe, North America, the Middle East, and Southeast Asia | Microsoft Security Blog 

37C3 - Operation Triangulation: What You Get When Attack iPhones of Researchers 

Related Microsoft Podcasts:                   

• Afternoon Cyber Tea with Ann Johnson 
• The BlueHat Podcast 
• Uncovering Hidden Risks     

Discover and follow other Microsoft podcasts at microsoft.com/podcasts  

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.