US 13 Lau Mactans Injecting Malware Into IOS Devices via Malicious Chargers Slides

8/11/2019 US 13 Lau Mactans Injecting Malware Into IOS Devices via Malicious Chargers Slides

1/43

!"#$"%&' )%*+#,%- !"./"0+ 1%$2 134

5+61#+& 61" !".1#127& 89"0-+0&

:1..;


2/43

@-+%A"

134 4+#701$;

!"#$"%&

51&&12%

B


3/43

!"# #%&'(!)*

"% 26+061+/ 2C

D


4/43

@EE.+ @EE 4$20+

F9+ /"..+A -"0A+% G2A+.

@#$& "& E."H20G $2 E7I.1&9 "EE&

F9+ 2%.; E."#+ $2 E70#9"&+JA2/%.2"A "EE& 82GE.+$+.; #2%$02..+A I; @EE.+

@.. "EE& G7&$ I+ 0+61+/+A I; @EE.+ I+C20+ 0+.+"&+

@ 0+.+"&+A "EE #"% I+ 0+G26+A C02G $9+ &$20+ 1C 1$

612."$+& E2.1#;

K


5/43

82A+ 41-%1%- 1% 134

L%C20#+& $9+ 1%$+-01$; 2C $9+ I22$ #9"1% "%A

/"..+A -"0A+% G2A+.

3%.; #200+#$.; &1-%+A "EE& #"% I+ 1%&$"..+A "%A+M+#7$+A

41-%1%- L%,,+&

@EE.+ @EE 4$20+

134 A+6+.2E+0&

N


6/43

@EE O+61+/

@P+GE$& $2 A+$+0G1%+ /9+$9+0 $9+ &7IG1P+A"EE #2GE.1+& /1$9 $9+ 07.+&

Q9"$ "0+ $9+ 07.+&R


7/43

134 4"%AI2M

T02#+&& 1&2.",2%

@ &"%AI2M+A E02#+&& #"%%2$ 0+"A 2$9+0 E02#+&&+&XG+G20;

@.&2 #"%%2$ $".S $2 2$9+0 E02#+&&+& 7&1%- $0"A1,2%". )T8Y.1S+ @T)&

Z1.+&;&$+G 1&2.",2%

4"%AI2M+A "EE #"% 2%.; 0+"AJ/01$+ $2 1$& 2/% [.+&;&$+G

8"% ".&2 0+"A UI7$ %2$ /01$+ $2V &2G+ E7I.1# [.+&

L%,$.+G+%$ #9+#S Z20 &2G+ 2E+0",2%& U+\-\] #9"%-+ E"&A+V] 134 +%C20#+&

"EE L%,$.+G+%$&

^


8/43

Q"..+A _"0A+% L`+#,6+%+&&

F9+ /"..+A -"0A+% G2A+. 1& "&&7G+A $2 I+

&+#70+

@.. "EE& "0+ #"0+C7..; 6+P+A E0120 $2 0+.+"&+ "%A$97& &"C+

O1-9$R

82GE"0+A $2 @%A021A] ".G2&$ %2 1%Y$9+Y/1.A

G"./"0+ 1%&$"%#+& C20 134

a


9/43

+,&),-#

" &$+EYI;Y&$+E 1%$02A7#,2% $2

b


10/43

!"#$"%& 82%#+E$

c2$ " *"1.I0+"S

52+& %2$ 0+d710+ " *"1.I02S+% A+61#+

@7$2G",#

41GE.; #2%%+#,%- $9+ A+61#+ 1& +%27-9

4$+".$9;

F9+0+ "0+ %2 61&1I.+ #.7+&

T2/+0C7.

52+& G".1#127& $91%-& 2$9+0 "EE& #"%%2$ A2

?e


11/43


12/43

Z20G Z"#$20 @.$+0%",6+&

827.A I+ G7#9 &G"..+0f

?B


13/43

!"#$"%& 36+061+/

?\

3I$"1% A+61#+ g5)5

B\

T"10 /1$9 A+61#+

D\

_+%+0"$+ "%A 1%&$".. E0261&12%1%- E02[.+K\ )%&$".. G".1#127& "EE

?D


14/43

g%16+0&". 5+61#+ )A+%,[+0 Ug5)5V

@ Ke A1-1$ 9+M"A+#1G". 1A+%,[+0 7%1d7+ $2 "

A+61#+

3I$"1%1%- A+61#+ g5)5 1& $0161". 61" g4:

#2%%+#,2%

?K


15/43

T"10 Q1$9 5+61#+

3%#+ "% 134 A+61#+ 1& #2%%+#$+A 61" g4:]!"#$"%& /1.. $0; $2 E"10 /1$9 1$

!"#$"%& .+6+0"-+& " #2%#+E$7". 134 E"101%- $07&$

"&&7GE,2% 5+61#+ #"%%2$ 0+*+#$ E"101%- 0+d7+&$

5+61#+ #"% I+ E"10+A /1$927$ 7&+0X& #2%&+%$ /91.+ 1$ 1&E"&A+Y7%.2#S+A

T"101%- #"% 2##70 1C A+61#+ 1& 7%.2#S+A "$ "%; ,G+ U+6+%I01+h;V

3%#+ E"10+A] +ME.21$",2% 1& E2&&1I.+ 0+-"0A.+&& 2C/9+$9+0 20 %2$ A+61#+ 1& .2#S+A

?N


16/43

T"10 Q1$9 5+61#+ 82%$XA

!"%; 2E+0",2%& #"% I+ E+0C20G+A 61" g4:

3I$"1% A+61#+ 1%C20G",2% U+\-\] g5)5] &+01".

%7GI+0V

)%&$".. "%A 0+G26+ "EE& "%A E0261&12%1%- E02[.+&

:"#S7E "%A 0+&$20+] [0G/"0+ 0+&+$ U1E&/V

5+I7--1%-

!"#$"%& #"% I+ 7&+A $2 E+0C20G $9+&+C7%#,2%&

?W


17/43

T0261&12%1%- T02[.+ 5+$"1.&

F;E+& 2C E0261&12%1%- E02[.+&

)%A161A7".

L%$+0E01&+ O+d710+G+%$& C20 )%A161A7". E02[.+

@#,6+ A+6+.2E+0X& .1#+%&+

5+61#+ g5)5

)%$+0%+$ #2%%+#,2%

?^


18/43


19/43

T0261&12%1%- T02[.+ 5+$"1.&

@ A+61#+ G7&$ I+ 0+-1&$+0+A $2 07% "

A+6+.2E+0X& "EE

)%A161A7". A+6+.2E+0 .1#+%&+ "..2/& 7E $2 ?eeA+61#+&

8"%%2$ 0+G26+ A+61#+& 2%#+ 0+-1&$+0+A

g5)5 0+-1&$0",2% 61" developer.apple.com

?b


20/43


21/43

_+%+0",%- " T0261&12%1%- T02[.+

8"% I+ +"&1.; "7$2G"$+A I; I02/&+0 "7$2G",2% $22.&

c2 8@TF8i@

B?


22/43

)%&$"..1%- "% @EE

3%#+ 2I$"1%+A] " E0261&12%1%- E02[.+ #"% I+1%&$"..+A /1$927$ 7&+0X& #2%&+%$ U20 S%2/.+A-+V

@EE& 2/%+A I; E0261&12%1%- E02[.+ 2/%+0 #"% $9+% I+

1%&$"..+A 61" g4:

@j+0 E02[.+ 1%&$"..",2%] "0I1$0"0; "EE& #"% I+1%&$"..+A "%A +M+#7$+A

c+M$ &$+E&

i1A+ "EE $2 E0+6+%$ 7%/"%$+A A+.+,2% 810#7G6+%$ "EE 07%,G+ 0+&$01#,2%& U1\+\] 61" G1&7&+

2C E016"$+ @T)&V

BB


23/43

i1A1%- "% @EE

F9+0+ "0+ &2G+ 91AA+% "EE& 2% $9+ &$2#S 1T92%+

[email protected]#",2%&J5+G2@EE\"EE

[email protected]#",2%&JZ1+.AF+&$\"EE

)%C2\E.1&$ C20 $9+&+ "EE& 0+6+".& " #2GG2% [+.A

F91& E02E+0$; 91A+& $9+ "EE 2% $9+ G"1% ++% "%A 1%$9+ $"&S G"%"-+0

BD


24/43

i1AA+% @EE 8"E"I1.1,+&

134 I"#S-027%A +M+#7,2%

@EE #"% 07% /1$927$ 7&+0X& S%2/.+A-+

134 .1G1$& I"#S-027%A +M+#7,2% $2 ?e G1%7$+&


25/43

i1AA+% @EE 8"E"I1.1,+& 82%$XA

LM"GE.+' F"S1%- ++% &92$&

g&1%- " T016"$+ @T) #"..] "

I"#S-027%A "EE #"% $"S+ "

++%&92$ 2C #700+%$

mC20+-027%AX ++%

BN


26/43

i1AA+% @EE 8"E"I1.1,+& 82%$XA

LM"GE.+' 41G7.",%- ++%JI7P2% E0+&&+&

n#2A+ 1%&$07G+%$",2%

@EE $+&,%- #"% I+ "7$2G"$+A

41G7.",2% #"% ".&2 I+ A2%+ 27$&1A+ n#2A+

5+6+.2E+051&S

i"& g)@7$2G",2%\C0"G+/20S

F0; A.2E+%UV] #".. @T)& $9+0+

BW


27/43


28/43

F02*"% i20&+ Q20Sh2/

!"1% 4#0++% 492/& F02*"% g&+0


29/43

@P"#S 4#+%"012&

_+%+0".

g&+ +%$+0E01&+ E0261&12%1%- E02[.+ $2 &+$7E E7I.1#

#9"0-1%- &$",2%& U+\-\] "$ "10E20$&] .1I0"01+&V

F"0-+$+A

LM#9"%-+ 20 E0261A+ #9"0-+0 $2 $"0-+$

g&+ " E01201 S%2/.+A-+ $2 &+.+#,6+.; G2A1C;

+%6102%G+%$ U+\-\] &E+#1[# "10E."%+ &+"$] 92$+.022GV

Bb


30/43

.!#&'##!"-

De


31/43

T02I.+G o?

)%#200+#$ $07&$ G2A+. C20 E"101%-

@%; 92&$ 1& 1GE.1#1$.; $07&$+A 1C $9+ E92%+ 1& %2$

E"&A+ E02$+#$+A

3%#+ E"101%- 1& +&$"I.1&9+A] 1$ 1& E+0G"%+%$

D?


32/43

Z1M C20 T02I.+G o?

DB

g&+ +ME.1#1$ "7$9201p",2%

82G1%- $2 134 ^

F07&$+A 92&$ G"%"-+G+%$

4;%2%;G27& /1$9 Q1YZ1

G"%"-+G+%$


33/43

T02I.+G oB

c2 61&7". #7+& $2 A1`+0+%,"$+ " #9"0-+0 6+0&7&

" #2GE7,%- A+61#+

134 2%.; 9"& "% 1%A1#"$20 C20 &;%#902%1p",2%] "%A

2%.; &92/& $9"$ 1%A1#"$20 A701%- &;%#902%1p",2%

DD


34/43

Z1M C20 T02I.+G oB

k1&7". 1%A1#"$20 $2 A1`+0+%,"$+ #9"0-+ G2A+

"%A E"10 G2A+

Z1M C20 T02I.+G o? ".&2 [M+& $91& E02I.+G

@%A021A -+%+0"$+& " %2,[#",2% /9+% $9+ E92%+

1& #2%%+#$+A $2 " 92&$ "%A "./";& &92/& $9+

1%A1#"$20

DK


35/43

T02I.+G oD

T0261&12%1%- E02[.+ "I7&+

@EE.+ E";& .2$& 2C "P+%,2% $2 "EE &1-%1%-] I7$

.1P.+ "P+%,2% $2 E0261&12%1%- E02[.+ &1-%1%-

DN


36/43


37/43


38/43

Z1M C20 T02I.+G oK

F1-9$+% A+C"7.$ g4: #2%%+#,2% &+q%-&

O+A7#+ A+C"7.$ #2%%+#,2% G2A+ E0161.+-+&

O+d710+ +ME.1#1$ "7$9201p",2% C20 E0261&12%1%-

E02[.+ 1%&$"..",2%

Da


39/43

T02I.+G oN

F910A E"0$; 91AA+% "EE& #2%&1A+0+A 9"0GC7.

Z+/ 20 %2 .+-1,G"$+ 7&+&

i1-9 "I7&+ E2$+%,".

Db


40/43

Z1M C20 T02I.+G oN

O+&$01#$ $9+ "I1.1$; $2 &+$ 91AA+% E02E+0$;

3%.; "..2/ "EE& A+6+.2E+A I; @EE.+ $2 7&+ $91&

E02E+0$;

Ke


41/43

3%+ G20+ $91%- f

=27 A2 %2$ %++A " G".1#127& #9"0-+0 $2 I;E"&&

$9+ E02$+#,2%& 2C $9+ /"..+A -"0A+% G2A+.

>+S;.. 2% 134' Q9+% :+%1-% @EE& :+#2G+ L61.\

F1+.+1 Q"%-] l"%-*1+


42/43

T.+"&+ [.. 27$ ;270

C++AI"#S C20G&\

KB


43/43

r7+&,2%&R

KD

Documents

US 13 Lau Mactans Injecting Malware Into IOS Devices via Malicious Chargers Slides