Mastodawn

New Citizen Lab report by Gary Miller and Swantje Lange, with an incredibly sophisticated analysis of covert surveillance operations with a focus on location tracking, which target phones by exploiting/attacking weaknesses in global 3G/4G telecom networks and sending invisible SMS while acting as trusted telecom operators:
https://citizenlab.ca/research/uncovering-global-telecom-exploitation-by-covert-surveillance-actors/

The Citizen Lab Bad Connection: Uncovering Global Telecom Exploitation by Covert Surveillance Actors

Our investigation uncovers two sophisticated telecom surveillance campaigns and, for the first time, links real-world attack traffic to mobile operator signalling infrastructure. The findings expose how suspected commercial surveillance vendors (CSVs) exploit the global telecom interconnect ecosystem, leverage private operator networks, and conduct covert location tracking operations that can persist undetected for years.

The Citizen Lab

Lukas Arnold Apr 8

The fourth iteration of the „Objective for the We“ event will be held in Berlin at the end of July. Apply to join us for two days of free trainings and talks that teach Apple security research in a beginner-friendly way. If you are a (cybersecurity) student or early in your career, consider applying!
https://objective-see.org/oftw/v4.html

#OFTW v4.0

Empowering students in our community

Show thread

Lukas Arnold Mar 28

@jiska Congratulations 🎉

Show thread

Lukas Arnold Feb 8

@marioguzman There‘s a cool #OBTSv8 talk from @clearbluejar about patch diffing with a hybrid approach (deterministic and non-deterministic tools)

https://youtu.be/vo2YbTHSLOA

#OBTS v8.0: "Reverse Engineering Apple Security Updates" - John McIntosh

YouTube

Lukas Arnold Dec 28, 2025

🧙🖳✨Dec 28, 2025

Do you know where your child is?
Are you sure?

Come join me explore the security of children's smartwatches (including evil witches, clothespins, and the secret to teleportation)
Tomorrow / Monday at #39c3 and online, 13:50 Hall Zero.

seemoo.de/s/c3-xplora

Lukas Arnold Oct 27, 2025

I just published the slides of my #OBTS v8.0 talk about Apple's #C1 baseband. Our C1 #binja loader is now available on GitHub, and you can find a recording on YouTube.

https://lukasarnold.de/posts/obtsv8-talk/

OBTS v8.0: Diving into C1

Learn more about my talk “What’s at the Bottom of the Sea, One Baseband? - Diving into the C1” at eight edition of the Objective by the Sea conference.

Lukas Arnold

Lukas Arnold Oct 16, 2025

Thanks for joining my #OBTSv8 talk about Apple's novel #C1 & #C1X basebands. I'm glad to be back at this awesome conference. We'll release the slides and tooling in the coming days.

Show thread

Lukas Arnold Aug 1, 2025

@jiska Congratulations 🥳

Lukas Arnold Jul 24, 2025

I‘m glad to be back at #OBTS v8.0 with a talk about Apple‘s #C1 baseband and carrier profiles

https://objectivebythesea.org/v8/talks.html#Speaker_14

#OBTS v8.0: Talks

Conference Talks

Show thread

Lukas Arnold Jul 21, 2025

@rmondello I agree, as the native experience is often way better than the one provided by a browser extension.
I store my passkeys in iCloud and passwords in Bitwarden. Thus, I have to enable both password managers in Safari simultaneously, but they often interfere with each other. I would love an option to turn off iCloud‘s password auto-fill and only use its passkeys.