DeepSec 2019 Talk: Saving Private Brian – Michael Burke

This talk will be given as the story of Brian, an aid worker operating in a hostile third country. When he’s stopped going in at the border he had his iPhone taken from him and then returned to him 15 minutes later. Now he can’t be sure if any malware was implanted on his device. Malware that could compromise him, his organisation and anyone who co-operates with him. He needs his phone to do his work but should he stop using it instead? Are all his contacts already compromised? Should he warn them and should he use his phone to do so? And will he and his phone be tracked to any in-person meetings?

iOS malware is rare, advanced and difficult to detect when deployed. I will talk through the above scenario on the basis of the threats that exist, how iOS malware is implanted, what its capabilities are and how it can be detected simply and quickly in future. This will increase the safety and security of the workers we rely on to make the world a better place.

We asked Michael a few more questions about his talk.

Please tell us the top 5 facts about your talk.

It’s a growing (but niche) threat; this is a way to detect it that takes no technical skill on behalf of the user; zero day exploits for iOS can sell for ~$1 million; it’s the first time I’ve given it; I’ll make it interesting!

How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?

I came up with it reading about how sophisticated iOS zero days were being used against NGO workers, dissidents, journalists and other critical roles in our society. I thought that I could devise a new and easy method of detecting something that is very hard and normally involves digital forensic labs

Why do you think this is an important topic?

Lawful and measured iOS malware implants by governments can be a valuable tool to fight crime and terrorism. There are times however that people’s lives may be put at risk from malware implanted on iPhones/iPads by rogue governments, organisations or individuals. I want to help people who are targeted by those bad actors go about their business with safety and security.

Is there something you want everybody to know – some good advice for our readers maybe?

Depending on what you are working in security you may be more likely to be targeted by this type of attack – rare as they are – and just to be aware of that possibility and to take reasonable steps to prevent it (I’m sure as an industry professional you already update your phone soon after every OS release).

A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?

I’m hoping that Checkm8/Checkra1n is released and stable by the time of my talk – it will make jailbreaking for iOS forensics much more interesting! I foresee more talks ahead…

I am Ireland’s most active digital forensic investigator working on a wide variety of cases for Grant Thornton but specialise in MacOS and iOS forensics.
I am an external expert for the EU in cybersecurity funding decisions.
I have lectured at third level, spoken at conferences and briefed the Irish national cybercrime unit on my research in digital forensics.
I hold Masters degrees in both Forensic Computing and International Security Studies.
I am a former member of the Irish national police service as well as a reformed member of the start up world.

Tags: , , , ,

Leave a Comment