Voices of Insects, 2019
Kaori SOMEYA
日本画家 染谷香理 | Kaori SOMEYA
日本画家 染谷香理 | Kaori SOMEYA
Kaori Someya is a Nihonga (li.Japanese painting) artist based in Japan.
Voices of Insects, 2019
Kaori SOMEYA
Voices of Insects, 2019
Kaori SOMEYA
That's a CROSS-APP exploit chain. Which is fancy. We'll discuss in a second.
But wait, you say, haven't I heard of WhatsApp zero-click exploits not so long ago?
You have.
A big user base makes a platform big target for exploit development.
Attacker's perspective = an exploit against a popular messenger gives you potential access to a lot of devices.
The regular tempo of large platforms catching sophisticated exploits is a good sign.
They're paying attention & devoting resources to a growing category: highly targeted, sophisticated attacks.
But it's also a reminder of the magnitude of the threat.
Here's the Apple CVE.
Somewhere, earlier this summer, some people in a room probably had a bad day when this clever cross-app chain stopped working.
The cross- app chain = probably also a sign of the increasing tech lift required to get to device compromise. Consequence of various mitigations.
The cost-to-compromise is only going up. Which is arguably a sign that the increasing scrutiny + efforts by platforms & OS developers is having an impact.
That said, the threat of this stuff is going nowhere because there's an infinite governmental appetite for compromise.
Still, I'd argue that increasing costs of zero-clicks has the effect of pricing out a bunch of potential actors which slows the proliferation of this tech to *some* bad actors.
WhatsApp Advisory: 
If only they'd put that money into BTC those labs where I slaved away as an undergrad would be humming.
Source:
