NSO spyware claims put Apple under pressure over iPhone security issues | Ars Technica

2021-11-16 08:20:09 By : Ms. zenti wang

Tim Bradshaw, Financial Times - July 20, 2021, 1:59 PM UTC

Amnesty International analyzed dozens of smartphones targeted by NSO customers and stated that Apple’s marketing claims regarding the superior security and privacy of its devices have been “torn”, and that vulnerabilities were found even in the latest versions of iPhone and iOS software.

"Thousands of iPhones may be hacked," said Danna Ingleton, deputy director of Amnesty International's technology department. "This is a global problem: anyone and everyone is at risk, and even technology giants like Apple are not able to cope with the large-scale surveillance at hand."

Security researchers said that Apple can take more measures to solve this problem by cooperating with other technology companies, sharing detailed information about vulnerabilities and reviewing their software updates.

Aaron Cockerill, chief strategy officer of mobile security provider Lookout, said: "Unfortunately, Apple has done a poor job of this cooperation." He described iOS as a "black box" compared with Google's Android, where he said it "is easier to identify malicious behavior."

Amnesty International has collaborated with the news non-profit organization Forbidden Stories and 17 media partners to launch "Project Pegasus" to identify the alleged surveillance targets.

NSO has stated that its technology is designed to target criminal or terrorist suspects only, and described the Pegasus project's claims as "false allegations" and "full of false assumptions and unproven theories."

Amnesty International’s research found multiple attempts to steal data and eavesdrop on iPhones through Apple’s iMessage using so-called zero-click attacks, which do not require the user to open a link.

Bill Marczak, a researcher at Citizen Lab, a non-profit organization that has extensively documented NSO strategies, said that Amnesty International’s findings indicate that Apple has a “major flashing red five-level alert problem with regard to iMessage security.”

In 2019, a similar zero-click Pegasus attack was discovered using Facebook's WhatsApp Messenger.

Will Cathcart, the head of WhatsApp, called the latest disclosure "a wake-up call for Internet security." In a series of tweets, he pointed out the measures taken by technology companies such as Google, Microsoft and Cisco to try to counter Pegasus and other commercial spyware tools.

But Apple, which has a long-standing feud with Facebook over iPhone privacy control issues, did not appear on his list of collaborators.

"We need more companies, especially the government, to take steps to make the NSO Group accountable," Cathcart said.

Lookout's Cockerill said that while Apple "does a good job protecting consumers," it "should work more with companies like me" to prevent attacks like Pegasus.

"The biggest difference between Apple and Google is transparency," Cockerill said.

Apple insists that it does cooperate with external security researchers, but has chosen not to disclose these activities, which include paying millions of dollars in "security bounty" rewards each year to discover vulnerabilities and provide researchers with its hardware.

"For more than ten years, Apple has been the industry leader in security innovation. Therefore, security researchers agree that the iPhone is the safest and safest consumer mobile device on the market," Apple said in a statement.

"Attacks like the one described are very complex, cost millions of dollars to develop, usually have a short shelf life, and are used to target specific individuals," Apple continued. "Although this means that they will not pose a threat to the vast majority of our users, we will continue to work tirelessly to protect all customers and continue to add new protections to their devices and data."

© 2021 The Financial Times Ltd. All rights reserved. Not to be redistributed, copied, or modified in any way.
