DARKNAVY INSIGHT

The history of humanity’s domestication of wolves has spanned forty thousand years – we used firelight and patience to soften the wildness in their eyes, transforming their fangs into the loyalty that guards our homes. When various robot dogs created by America’s Boston Dynamics and China’s Unitree Robotics leap and flip gracefully under the spotlight, this ancient symbiotic relationship seems to take on a new meaning in the cyber age: trust that once required thousands of years of genetic selection to build can now be achieved with just a line of code. ...

Both the Attackers and Victims Made Critical Mistakes On February 21, 2025, the cryptocurrency exchange Bybit experienced the most significant financial loss in Web3 history when nearly $1.5 billion was illicitly transferred from its multi-signature wallet by North Korean threat actors. The DARKNAVY team has been closely monitoring security developments within the Web3 ecosystem. Following the Bybit incident, we conducted a reconstruction of the attack, analyzing it from the perspectives of the attackers, the developers, and the transaction signers. ...

In the era of mobile internet, user traffic is the lifeline of manufacturers. In this battle for traffic, smartphone manufacturers hold the most overwhelming advantage — ultimate control over the operating system. By deeply customizing AOSP, manufacturers not only gain precise control over user and app activities but can even manipulate and interfere with user choices. Ordinarily, few companies would choose to violate regulations and abuse their privileges to harm consumers. However, in 2024, a well-known Chinese smartphone brand crossed the ethical bottom line of business. By leveraging non-security technological means, it covertly manipulated its own smartphone system, turning millions of users into mere tools for profit. ...

In the field of cybersecurity, vulnerability disclosure has long been regarded as a crucial step in safeguarding users. However, in practice, this process is fraught with controversy and contradictions. What truly constitutes “responsible disclosure”? When vendors dominate the public release of information and patch deployment, while security researchers invest substantial time and energy in negotiations, can this model still fulfill its intended purpose of protecting user security? In an era of rapidly advancing technology and escalating cyber threats, has the traditional vulnerability disclosure process become outdated? ...

In the increasingly intense offense and defense confrontation of 2024, security software has always been regarded as an important cornerstone of the corporate security defense line. However, these security softwares themselves may also have vulnerabilities and could be exploited by attackers as a springboard for intrusions to harm users. Over the years, incidents caused by security software have raised a question — can security software really be trusted? The following is the eighth article of the “DARKNAVY INSIGHT | 2024 Annual Security Report”. ...

In recent years, the evolution of vulnerabilities and defense techniques has been continuous. From the days when a simple stack overflow could compromise a system, to the present day, where sophisticated techniques are necessary to bypass multiple layers of defense. The “shield” and the “spear” are in dynamic confrontation: whenever new defense measures are introduced, new attack methods emerge in response. The enhancement of defense mechanisms compels attackers to seek out new vulnerabilities, while the innovation of attack techniques propels the development of defense technologies ...

Does open source guarantee that there are no backdoors? At the 1983 Turing Award ceremony, Ken Thompson raised this question. As one of only three legends to win the Turing Award before the age of 40, he demonstrated how to hack Unix systems compiled from harmless source code by implanting backdoors in compilers, remaining a tale frequently cited by hackers to this day. In 2024, the XZ backdoor incident resurfaced this question. Under the nose of the open-source community, attackers successfully pushed the backdoored xz-utils 5.6.1 package into official repositories of several distributions like Debian and Fedora. Fortunately, engineer Andres Freund discovered and reported the abnormal behavior of xz-utils 5.6.1 in time. Although the community effectively stopped the backdoor’s spread, this heart-stopping crisis made every open-source user rethink the trust model in collaborative development. ...

At the beginning of 2025, the five-year “Siri Eavesdropping Scandal” finally came to an end. Apple settled a class-action lawsuit with the plaintiffs for $95 million. This well-known privacy case started when users accused Siri of accidentally capturing and recording their everyday conversations without permission, and leaking the data to third-party advertisers. Even though Apple firmly denied these claims, public concern over privacy security is growing day by day. Now, we share massive amounts of personal data with AI every day. Are these privacy data really secure enough? ...

Under the collective efforts of security researchers and increasingly stringent security mitigations, most memory vulnerabilities have been nipped in the bud. Is it time to declare memory vulnerabilities a thing of the past? In July 2024, a “nuclear bomb” from the Windows camp shattered the illusion of security. We can’t help but ask: When faced with threats from memory, just how much can the walls in front of us really defend against? ...

2023 was the dawn of generative AI and large language models, which output content in unprecedented ways. In 2024, a large number of AI agents emerged, expanding the capabilities of LLM, driving more widespread tool usage, and extending their application to more fields. For security researchers, how to leverage AI to improve work efficiency, and even drive AI to think, analyze, and find vulnerabilities like humans, has become a key topic. ...