Natalie Silvanovich

No Clicks Required: Finding Fully Remote Vulnerabilities in Messaging Applications

Abstract

There is increasing evidence that ‘0-click’ or ‘interaction-less’ vulnerabilities in messaging applications are being used by attackers. This talk will discuss how to evaluate a messaging application for fully remote vulnerabilities. It will cover several vulnerabilities reported in iMessage, and how they were discovered. It will also discuss vulnerabilities in other messengers. It will explain how to determine the attack surface of a messaging application and describe techniques for finding vulnerabilities in it.

Bio

Natalie Silvanovich is a security researcher on Google Project Zero. Her current focus is browser security, including script engines, WebAssembly and WebRTC. Previously, she worked in mobile security on the Android Security Team at Google and as a team lead of the Security Research Group at BlackBerry, where her work included finding security issues in mobile software and improving the security of mobile platforms. Outside of work, Natalie enjoys applying her hacking and reverse engineering skills to unusual targets and has spoken at several conferences on the subject of Tamagotchi hacking.