Shimon Shocken - From Xor to Doom: Pegasus Exposed

×

Error message

  • Deprecated function: Creation of dynamic property LdapUserConf::$createLDAPAccounts is deprecated in LdapUserConf->load() (line 265 of /var/lib/drupal7/modules/ldap/ldap_user/LdapUserConf.class.php).
  • Deprecated function: Creation of dynamic property LdapUserConf::$createLDAPAccountsAdminApproval is deprecated in LdapUserConf->load() (line 266 of /var/lib/drupal7/modules/ldap/ldap_user/LdapUserConf.class.php).

Pegasus is a zero-click attack: The target is sent a text message, and that's it – the device is compromised – the message doesn't even have to be read. According to a recent Google report: "Short of not using the device, there is no way to prevent exploitation... Pegasus is a weapon against which there is no defense... This is one of the most technically sophisticated exploits we've ever seen". That said, Pegasus was recently exposed, and iOS and Android groups are taking steps to plug the holes. Pegasus is based on a combination of classical memory exploitation hacks, devious manipulation of naive compression algorithms, and a brilliant construction of a virtual computer inside the target device. Once the machine is constructed, the device is under the attacker's control. The talk describes the attack, and shows how it relates to Turing completeness and to building a computer system from the ground up.

Date and Time: 
Thursday, March 24, 2022 - 13:30 to 14:30
Speaker: 
Shimon Shocken
Location: 
L102
Speaker Bio: 

Shimon Schocken teaches at Reichman University, where he was the founding dean of the School of Computer Science. He is co-creator of Nand to Tetris (with Noam Nisan), Matific (with Raz Kupferman and Shmulik London), branded in Israel as עשר אצבעות, and WeCode (with Yoav Shoham and Noga Goshen).