Chaos Communication Congress

Messenger Hacking: Remotely Compromising an iPhone through iMessage (36x12)

Air date: Dec 27, 2019

So called “0-click” exploits, in which no user interaction is required to compromise a mobile device, have become a highly interesting topic for security researchers, and not just because Apple announced a one million dollar bug bounty for such exploits against the iPhone this year. This talk will go into the details of how a single memory corruption vulnerability in iMessage was remotely exploited to compromise an iPhone. The insights gained from the exploitation process will hopefully help defend against such attacks in the future.