It is one of the 21st century technological battles in which every mobile phone user has a role to play.
Apple is used by more than a billion active iPhones worldwide. Companies such as Israel Enso Group, on the other hand, develop spyware designed to overcome sophisticated security and privacy measures.
And while Apple claims to be moving faster with hacking tools – boasting of “the most reliable consumer platform in the world” – a study as part of the Pegasus project shows a more disturbing picture.
Malware appears to be one step ahead.
That is the culmination of a new technical research by Amnesty International, which states that even the most advanced iPhones running the latest operating system are still embedded in PSO’s Spyware.
This makes it possible for some people’s mobile phones to be converted into mobile spying devices, making them completely accessible to numbers, text messages, and photos. Everything.
The disclosure points to a problem that security researchers have been warning about for years: Although it is known for building what millions of customers view as a safe product, some people believe that Apple’s closed culture and fear of the negative press have damaged its security. For victims of governments and criminals.
“Apple’s self-certified Habris is unrivaled,” said former NSA employee and Mac security developer. They believe that their path is the best. And to be fair, the iPhone has achieved incredible success.
“But you talk to any foreign security researcher, they probably don’t have much to say about Apple. If you talk to security researchers about Microsoft, Microsoft says, ‘We put our feelings aside, and eventually the security researchers are reporting vulnerabilities that will benefit us at the end of the day. Users, because we can arm them. I don’t think Apple thinks the same. ”
Collaborative Journalism Investigation in Prohibited Stories is one aspect of the vulnerability of mobile devices developed by the Pegasus Project.
With the technical support of the project, Amnesty International has examined the details of tens of thousands of mobile phone numbers connected to Apple and Android handsets.
While some of the phones listed for monitoring have been tested, the size of the target, which is similar to the targets, indicates that the world’s most advanced spyware customers have not been deterred by improved security improvements. With companies like Apple.
Most experts agree that the biggest vulnerability of the iPhone is one of the most popular features: iMessage, which Apple announced earlier this year. One of the methods used by the company was to create a suspicious blasdoder before messages could penetrate deep into the phone.
But even those improvements did not keep iPhone users safe.
“We’ve seen Pigas circulating on Apple’s latest iOS version via iMessage, so it’s very clear that NSO can beat Blatstor,” said Bill Marquez, of Citizen Laboratory at the University of Toronto’s Cyber Security Analyst. “Of course, it is still important to develop security features. Each new step increases the cost of hacking tools, which in turn costs less sophisticated attackers. ”
According to Wardley, the security features that Apple relies on are double-edged swords. “IMessage is encrypted from end to end, which means no one will see it when you drop that exploit. This is interesting from the point of view of the attacker. ”
There is a similar problem with the device: security researchers, such as the Mac or Android phone, have been denied the ability to see exactly what their devices are doing.
“If an attacker enters, they or she can take full advantage of the device’s security,” Wardle said. “So, for example, I don’t know if the iPhone has been hacked. My Mac, on the other hand, I say, yes, it is the simplest target, but I can see the details of the processes, I have a firewall product that can ask what is allowed to communicate with the Internet. ”
That obscure Apple attacks can even detract from the fact that “they often have a short wait.” “Unless the attacker is very lucky, the installation may remain on the device, and it may remain unknown,” Wardley said.
“There is no doubt that NSO spyware can infect the latest version of iOS,” said Claudio Guernery, head of Amnesty’s security laboratory. “While Apple has done a lot to improve security, it is only natural that the company will always fall into the hands of thousands of attackers who are always taking” one step forward, “he said.
There will always be a talented person out there who is motivated by the huge losses you get [security] He is working in all possible ways to find a solution to these issues, ”said Garnieri.
John Scott-Relton, another citizen laboratory researcher, said it was important to prevent threats by “constantly monitoring” companies like Apple and anticipating what would happen next. “If you don’t do that, you can’t build a truly reliable product, because when you talk about the potential risks on your platform, you get threats that many smart people don’t know about. [about],” is there.
Although Apple’s peers in the technology have started screaming about the growth of companies like NSO and saying it poses a serious threat to cyber security, Apple has largely remained silent. Companies from Microsoft to Cisco have formed a coalition in a recent court appearance in support of WhatsApp, a lawsuit filed by Ensoso Group in California. Apple did not join the offer.
Partners in the Pegasus project have asked Apple a series of questions.
“Apple unequivocally condemns cyber-attacks against journalists, human rights activists and others who want to make the world a better place,” the iPhone maker said in a statement. Apple has led the industry in security innovation for more than a decade, and security researchers agree that the iPhone is the safest, most secure consumer mobile device on the market. ”
Apple also said that security is a dynamic field and that Blasdor’s efforts to protect iMessage are not over.
“The attacks described are sophisticated, cost millions of dollars to develop, often have short stays, and are targeted at specific individuals,” he said. While they are not a threat to most of our users, we will continue to work tirelessly to protect all our customers and add new protections to their devices and information on a regular basis.
The Washington Post’s Craig Timberg contributed to this report.