iOS Elegantbouncer: When You Can't Get Samples but Still Need to Catch Threats
16 days ago
- #structural-analysis
- #mobile-security
- #exploit-detection
- ELEGANTBOUNCER is a tool designed for detecting sophisticated mobile exploits without needing actual malicious samples.
- It uses structural analysis instead of traditional signature-based detection to identify threats in files like PDFs, WebP images, fonts, and DNG files.
- Key exploits detected include FORCEDENTRY (JBIG2 PDF exploit), BLASTPASS (WebP heap buffer overflow), TRIANGULATION (TrueType font exploit), and CVE-2025-43300 (DNG processing vulnerability).
- The tool features parallel processing, smart scanner selection, and early termination for optimized performance.
- ELEGANTBOUNCER includes a Terminal UI for real-time scanning and integrates iOS backup forensics so that messaging app attachments can be scanned for threats.
- It reconstructs the iOS backup file structure to make the stored files analyzable and scans attachments from iMessage, WhatsApp, Signal, Telegram, and Viber.
- Limitations include potential false positives, inability to detect completely novel techniques, and challenges with polymorphic variants.
- The project is open-source and encourages contributions for new detection methods, performance improvements, and integration into security pipelines.
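The backup reconstruction and scanner-selection steps summarized above, as an added illustration (my own code, not ELEGANTBOUNCER's). It assumes the standard iOS backup layout (a `Manifest.db` SQLite `Files` table, files stored under `<first two hex chars>/<SHA1(domain-relativePath)>`), and the messaging domain names and attachment paths are assumptions rather than values from the page; the backup it scans is a constructed fixture.

```python
import hashlib, os, sqlite3, tempfile

# Messaging domains to triage (assumed names; not taken from the page).
ATTACHMENT_DOMAINS = {
    "MediaDomain": "Library/SMS/Attachments",                        # iMessage
    "AppDomainGroup-group.net.whatsapp.WhatsApp.shared": "Message",  # WhatsApp
}

def file_id(domain, rel_path):
    """iOS backups store each file under SHA1(domain + '-' + relativePath)."""
    return hashlib.sha1(f"{domain}-{rel_path}".encode()).hexdigest()

def container_type(head):
    """Select the scanner family from leading bytes, never from the extension."""
    if head.startswith(b"%PDF"):                                  return "pdf"
    if head[:4] == b"RIFF" and head[8:12] == b"WEBP":             return "webp"
    if head[:4] in (b"\x00\x01\x00\x00", b"true", b"OTTO"):       return "font"
    if head[:4] in (b"II*\x00", b"MM\x00*"):                      return "tiff/dng"
    return "other"

def reconstruct(backup_dir, out_dir):
    """Rebuild domain/relativePath tree; return (domain, path, type) for attachments."""
    db = sqlite3.connect(os.path.join(backup_dir, "Manifest.db"))
    findings = []
    for fid, domain, rel, flags in db.execute(
            "SELECT fileID, domain, relativePath, flags FROM Files"):
        if flags != 1:            # 1 = regular file, 2 = directory, 4 = symlink
            continue
        data = open(os.path.join(backup_dir, fid[:2], fid), "rb").read()
        dst = os.path.join(out_dir, domain, rel)
        os.makedirs(os.path.dirname(dst), exist_ok=True)
        open(dst, "wb").write(data)
        prefix = ATTACHMENT_DOMAINS.get(domain)
        if prefix and rel.startswith(prefix):
            findings.append((domain, rel, container_type(data[:16])))
    db.close()
    return findings

def build_sample_backup(root):
    """Constructed fixture: minimal Manifest.db plus two attachment blobs."""
    os.makedirs(root)
    db = sqlite3.connect(os.path.join(root, "Manifest.db"))
    db.execute("CREATE TABLE Files(fileID TEXT PRIMARY KEY, domain TEXT, "
               "relativePath TEXT, flags INTEGER, file BLOB)")
    rows = [("MediaDomain", "Library/SMS/Attachments", 2, b""),
            ("MediaDomain", "Library/SMS/Attachments/ab/IMG_1.gif", 1, b"%PDF-1.7\n%fixture"),
            ("AppDomainGroup-group.net.whatsapp.WhatsApp.shared", "Message/Media/1.webp", 1,
             b"RIFF\x10\x00\x00\x00WEBPVP8L\x00\x00\x00\x00")]
    for domain, rel, flags, data in rows:
        fid = file_id(domain, rel)
        db.execute("INSERT INTO Files VALUES (?,?,?,?,NULL)", (fid, domain, rel, flags))
        if flags == 1:
            os.makedirs(os.path.join(root, fid[:2]), exist_ok=True)
            open(os.path.join(root, fid[:2], fid), "wb").write(data)
    db.commit(); db.close()

def demo():
    work = tempfile.mkdtemp()
    build_sample_backup(os.path.join(work, "backup"))
    return reconstruct(os.path.join(work, "backup"), os.path.join(work, "rebuilt"))
```

Note that the `.gif`-named attachment is routed to the PDF scanner because its bytes, not its name, decide the container type.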