
#HITB2023AMS D1T1 – Current State Of IOS Malware Detection – Matthias Frielingsdorf


This talk is an overview of recent iOS 0-1 Click Malware and focuses on the current technical capabilities that we have when it comes to detecting malware on iOS.

I will start again with the analysis of the four main samples of iOS Malware that are known to the public as of today (Pegasus I/II, Hermit, and the Google findings in 2019). We will cover how the researchers have made the detection and what we can learn from that for future analysis. Having looked at some malware samples, it is time to look at our technical detection capabilities. These are split into three groups:

On device / Fully Automated

This is everything that can be done from a sandboxed app directly on the device. A typical example is jailbreak detection. I will shed some light on how current jailbreak detection works and how we can use that for detection of advanced malware.

Companion / MDM / Half Automated

In this category we will have a look at what data is available through MDM access and how we can use…