Mobile Threat Landscape Update

Feb 7, 2024

Guest

Laurie Kirk

Guest

Apurva Kumar

Guest

Christine Fossaceca

Mobile threat researchers Christine Fossaceca, Laurie Kirk, and Apurva Kumar discuss a recent zero-click attack on iPhones targeting security researchers. They explore the significance of the attack, its implications for mobile security, and the rising prevalence of zero-click attacks on mobile devices. They also discuss phishing scams involving gift cards, their experiences with scammers, mobile fraud, and the safety of app stores. The episode wraps up with thanks to the guests and a teaser for an upcoming episode.

Ask episode

Chapters

Transcript

Episode notes

Introduction

00:00 • 3min

Recent iPhone Attack Targeting Security Researchers

02:37 • 21min

Phishing Messages and the Gift Card Market

23:33 • 2min

Experiences with Scammers and Conducting OSINT Investigations

25:36 • 5min

Mobile Fraud and the Safety of App Stores

30:09 • 8min

Wrapping up the Podcast Episode with Guest Thanks and Promotion

38:33 • 2min

On this week's episode of The Microsoft Threat Intelligence Podcast, Sherrod DeGrippo is joined by Christine Fossaceca, Laurie Kirk, and Apurva Kumar. Today's discussion concerns a recent release from the Chaos Computer Congress, where researchers discovered and analyzed a zero-click attack on iPhones. The attack involves four zero-day vulnerabilities in iOS, requiring a malicious iMessage, a hardware bug, and a Safari exploit. The spyware discovered was specifically targeting security researchers. Sherrod, Christine, Laurie, and Apurva explore the significance of this attack, its implications for mobile security, the concept of zero-click attacks becoming more prevalent on mobile devices, and the importance of researchers being vigilant about their security.

In this episode you’ll learn:

Why you should consider the threat landscape when traveling internationally
The technical and strategic aspects of mobile threat intelligence
Prevalence of spyware on both Android and iOS platforms

Some questions we ask:

How can attackers disguise Trojans to harvest personal details?
What are the communication vehicles that you're seeing phishing come from?
How do I know if I have malware on my phone?

Resources:

Follow Christine on Twitter @x71n3 & @herhaxpodcast

View Laurie Kirk on LinkedIn

View Apurva Kumar on LinkedIn

View Sherrod DeGrippo on LinkedIn

DEV-0196: QuaDream’s “KingsPawn” malware targets Europe, North America, the Middle East, and Southeast Asia | Microsoft Security Blog

37C3 - Operation Triangulation: What You Get When Attack iPhones of Researchers

Related Microsoft Podcasts:

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Get the latest threat intelligence insights and guidance at Microsoft Security Insider

The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.