Suspicious ODoH-based DNS beaconing was observed on a non-jailbroken iOS 18.6.2 device. Apple-signed system processes initiated encrypted queries every 60 seconds, triggered by Bluetooth events. The behavior suggests covert telemetry or spyware leveraging system-trusted execution paths.
his case study investigates a covert beaconing pattern in which a compromised host periodically sent outbound DNS queries to Google's public resolver (8.8.8.8) at 30-minute intervals without receiving responses.
Add a description, image, and links to the dns-beaconing topic page so that developers can more easily learn about it.
To associate your repository with the dns-beaconing topic, visit your repo's landing page and select "manage topics."