iPhone 15 Pro Pegasus-like spyware · 4 IOCs matched · UN archive · journalist compensation
An investigative journalist's iPhone 15 Pro had a complaint of "excessive battery + heating + background data traffic." A court-approved forensic request. With MVT (Mobile Verification Toolkit) + the ISO 27037 procedure DSET detected a BlastDoor bypass, 4 IOCs matched the Citizen Lab list, it entered the UN Special Rapporteur's archive, and the journalist received compensation.
01 The Challenge
A journalist handed over an iPhone saying "anomalous behavior over the last 3 months." The device in airplane mode, no jailbreak. With MVT the shutdown.log + sysdiagnose were taken, a suspicion of a Pegasus-like zero-click exploit (PassKit/BlastDoor bypass). A link to the NSO group + an international litigation potential.
02 DSET's Approach
T+0 · ISO 27037 + MVT
A bit-perfect image with a write-blocker + an SHA-256 hash + chain of custody. A zero-click IOC search began with the Citizen Lab MVT procedure.
T+3 days · BlastDoor bypass detected
Detailed analysis of the shutdown.log + sysdiagnose. 4 IOCs matched the Citizen Lab list (CVE-2023-41064 + CVE-2023-41061 PassKit zero-click).
T+1 week · Apple notification
An Apple Threat Notification Program notification was requested. Apple sent the journalist an official "state-sponsored attack" notification.