How does Apple technology handle spyware from NSO?

It is one of the technological battles of the 21st century, and one in which every mobile phone user has a role to play.

Apple has more than a billion active iPhones in use worldwide. Companies such as Israel's NSO Group, on the other hand, develop spyware designed to overcome sophisticated security and privacy measures.

And while Apple claims to be keeping pace with hacking tools, boasting of “the most reliable consumer platform in the world”, research carried out as part of the Pegasus project paints a more disturbing picture.

Malware appears to be one step ahead.

That is the conclusion of new technical research by Amnesty International, which states that even the most up-to-date iPhones running the latest operating system are still being infected by NSO's spyware.

Quick guide

What is in the Pegasus Project Information?


What is in the data leak?

The database lists more than 50,000 phone numbers believed to have been selected, since 2016, by interested government customers of NSO Group, which sells spy software. The information also includes the time and date when the numbers were selected or entered into the system. Forbidden Stories, a Paris-based non-profit journalism organization, and Amnesty International initially shared the list with 16 media organizations, including the Guardian. More than 80 journalists have worked together for several months as part of the Pegasus project. Amnesty's security laboratory, a technical partner on the project, conducted the forensic analysis.

What does the leak indicate?

The consortium believes that the information indicates the potential targets of NSO's government customers. Although the information is an indicator of intent, the presence of a number in it does not indicate whether there was an attempt to infect the phone with spyware such as Pegasus, the company's signature spy tool, or whether any attempt succeeded. The presence in the data of a number of landlines and US numbers, which NSO says are “technically impossible” to access with its tools, indicates that some targets were selected by NSO customers even though they could not be infected with Pegasus. However, forensic tests of a small number of cell phones with numbers on the list found a strong correlation between the time and date in the data and the start of Pegasus activity, in some cases within a few seconds.

What does forensic analysis show?

Amnesty investigated 67 cell phones suspected of being attacked, 23 of which were infected and 14 of which showed signs of hacking. For the remaining 30, the tests were inconclusive, in many cases because the cell phones had been replaced. Fifteen of the phones are Android devices, none of which showed evidence of a successful infection. However, Android phones, unlike iPhones, do not log the information needed for Amnesty International's forensic work. Three Android phones showed signs of targeting, such as Pegasus-linked SMS messages.

Amnesty International shared backups of four iPhones with Citizen Lab, a research group at the University of Toronto that studies Pegasus, which confirmed that they showed signs of Pegasus infection. Citizen Lab also conducted a peer review of Amnesty International's forensic methods and found them to be sound.

Which NSO customers were selecting numbers?

Although the information is organized into clusters identifying individual NSO clients, it does not specify which NSO client is responsible for selecting any given number. NSO said it sells its equipment to 60 customers in 40 countries, but refused to identify them. According to media partners, an in-depth study of individual targets has identified 10 governments responsible for selecting targets: Azerbaijan, Bahrain, Kazakhstan, Mexico, Morocco, Rwanda, Saudi Arabia, Hungary, India, and the United Arab Emirates. Citizen Lab also found evidence that all 10 were NSO customers.

What does NSO Group say?

You can read NSO Group's full statement here. The company has always said it cannot access information about its customers' targets. NSO said through its lawyers that the consortium had made “false assumptions” about which customers use the company's technology. It said the 50,000 figure was “exaggerated” and that the list could not be a list of numbers “targeted by governments using Pegasus.” Proponents of her case have been working to make the actual transcript of this statement available online. After further questions, the lawyers said the consortium's findings were based on a misinterpretation of accessible and explicit basic information such as HLR Lookup services, which has no bearing on the list of its customers' targets of Pegasus or any other NSO products … “We still do not see any of these details related to the use of NSO Group technologies.”

What is HLR lookup data?

The term HLR, or Home Location Register, refers to a database needed to operate mobile phone networks. Such registers keep records of users on telephone networks and their general locations, along with other identifiers that are regularly used in routing calls and texts. Telecom and intelligence experts say that HLR information can sometimes be used at the initial stage of a monitoring attempt, when checking whether it is possible to connect to a telephone. NSO clients are able to perform HLR lookup queries through the Pegasus system interface. It is not clear whether Pegasus operators must perform HLR lookup queries via the interface in order to use the software. NSO customers may have a variety of reasons, unrelated to Pegasus, to perform HLR lookups through the system.

This makes it possible for some people's mobile phones to be converted into mobile spying devices, giving complete access to numbers, text messages, and photos. Everything.

The disclosure points to a problem that security researchers have been warning about for years: although Apple is known for building what millions of customers view as a safe product, some people believe that its closed culture and fear of negative press have damaged its security for victims of governments and criminals.

“Apple's self-assured hubris is unrivaled,” said Wardle, a former NSA employee and Mac security developer. “They believe that their way is the best. And to be fair, the iPhone has achieved incredible success.

“But you talk to any external security researcher, they probably don't have much to say about Apple. If you talk to security researchers about Microsoft, Microsoft says, ‘We put our feelings aside, and eventually the security researchers are reporting vulnerabilities that will benefit our users at the end of the day, because we can patch them.’ I don't think Apple thinks the same.”

The vulnerability of mobile devices is one aspect revealed by the Pegasus project, a collaborative journalism investigation coordinated by Forbidden Stories.

Pegasus: the spyware technology that threatens democracy – video

With the technical support of Amnesty International, the project has examined the details of tens of thousands of mobile phone numbers connected to Apple and Android handsets.

While only some of the phones listed for monitoring have been tested, the size of what appears to be a pool of targets indicates that customers of the world's most advanced spyware company have not been deterred by security improvements made by companies like Apple.

Most experts agree that the biggest vulnerability of the iPhone is also one of its most popular features: iMessage, for which Apple announced improvements earlier this year. One of the methods used by the company was to create BlastDoor, which screens suspicious messages before they can penetrate deep into the phone.

But even those improvements did not keep iPhone users safe.

“We've seen Pegasus circulating on Apple's latest iOS version via iMessage, so it's very clear that NSO can beat BlastDoor,” said Bill Marczak, of Citizen Lab, a cybersecurity research group at the University of Toronto. “Of course, it is still important to develop security features. Each new step increases the cost of hacking tools, which in turn can price out less sophisticated attackers.”

According to Wardle, the security features that Apple relies on are double-edged swords. “iMessage is encrypted from end to end, which means no one will see it when you drop that exploit. This is interesting from the point of view of the attacker.”

There is a similar problem on the device itself: unlike on a Mac or an Android phone, security researchers are denied the ability to see exactly what their devices are doing.

“If an attacker enters, he or she can take full advantage of the device's security,” Wardle said. “So, for example, I don't know if the iPhone has been hacked. My Mac, on the other hand, I say, yes, it is the simplest target, but I can see the details of the processes, I have a firewall product that can ask what is allowed to communicate with the Internet.”

That opacity may even undercut Apple's claim that attacks “often have short stays.” “Unless the attacker is very unlucky, the installation may remain on the device, and it may remain unknown,” Wardle said.

“There is no doubt that NSO spyware can infect the latest version of iOS,” said Claudio Guarnieri, head of Amnesty's security laboratory. While Apple has done a lot to improve security, it is only natural that the company will always fall behind thousands of attackers who are “always one step ahead,” he said.

“There will always be a talented person out there, motivated by the huge rewards they get for finding these [security] issues, working in all possible ways to find a way around them,” said Guarnieri.

John Scott-Railton, another Citizen Lab researcher, said it was important for companies like Apple to defend against threats by “constantly monitoring” them and anticipating what would happen next. “If you don't do that, you can't build a truly reliable product, because however much you talk about the potential risks on your platform, many smart people are coming up with threats that you don't know [about],” he said.

Although Apple's peers in the technology industry have started to speak out about the growth of companies like NSO, saying they pose a serious threat to cyber security, Apple has largely remained silent. Companies from Microsoft to Cisco banded together in a recent court filing in support of WhatsApp in a lawsuit it has filed against NSO Group in California. Apple did not join the filing.

Partners in the Pegasus project have asked Apple a series of questions.

“Apple unequivocally condemns cyber-attacks against journalists, human rights activists and others who want to make the world a better place,” the iPhone maker said in a statement. “Apple has led the industry in security innovation for more than a decade, and security researchers agree that the iPhone is the safest, most secure consumer mobile device on the market.”

Apple also said that security is a dynamic field and that BlastDoor is not the end of its efforts to protect iMessage.

“The attacks described are sophisticated, cost millions of dollars to develop, often have short stays, and are targeted at specific individuals,” it said. “While they are not a threat to most of our users, we will continue to work tirelessly to protect all our customers and add new protections to their devices and information on a regular basis.”

The Washington Post’s Craig Timberg contributed to this report.
