[Insomni'hack 2015] Pawn Storm: What's Up on iOS devices?

Although far fewer malware samples are known on iOS devices than on other platforms, quite a few have been discovered since last year: UpdateSrv, WireLurker, Pawn Storm... After a brief overview of existing iOS malware, we focus on the most recent one: Pawn Storm, discovered in February 2015. This one is particularly interesting because it is quite advanced and probably part of a larger espionage operation. We get our hands on the code, down to the disassembly of its Objective-C, to understand how it works (which commands it responds to, how it detects whether the device is jailbroken, how it hides), but also to collect some 'intelligence' information on its author. We also highlight some recent trends concerning iOS malware, such as the development of Mobile Substrate extensions, or the potential use of ad hoc provisioning to infect devices.


References

https://insomnihack.ch