DNGerousLINK - A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices
media.ccc.de via YouTube
Learn Generative AI, Prompt Engineering, and LLMs for Free
PowerBI Data Analyst - Create visualizations and dashboards from scratch
Overview
Google, IBM & Meta Certificates – 40% Off
One plan covers every Professional Certificate on Coursera.
Unlock All Certificates
Explore a comprehensive technical analysis of sophisticated zero-click exploits targeting WhatsApp on iOS and Samsung devices in this 53-minute conference presentation from 39C3. Examine the in-depth deconstruction of a critical exploit chain that allowed attackers to remotely compromise devices using only a phone number, without any user interaction. Learn how researchers analyzed and reproduced the attack methodology that chained two core vulnerabilities: CVE-2025-55177 in WhatsApp's message handling logic for linked devices, and CVE-2025-43300 in iOS image parsing libraries. Discover the technical details of how attackers exploited insufficient validation in WhatsApp's protocol message handling to force targets to load malicious web content containing crafted DNG images. Follow the step-by-step process of vulnerability chaining that enabled simultaneous crashes across iPhones, iPads, and Macs. Investigate the related Samsung device vulnerabilities, including CVE-2025-21043, and understand how this research led to the discovery of additional previously unknown zero-day vulnerabilities. Gain insights into the sophisticated attack vectors used in real-world spyware campaigns and the technical methodologies employed by security researchers to reverse-engineer and understand these complex exploit chains.
Syllabus
39C3 - DNGerousLINK: A Deep Dive into WhatsApp 0-Click Exploits on iOS and Samsung Devices
Taught by
media.ccc.de