After NSO spyware claims, Apple faces pressure on iPhone security
After a report stated that NSO Group’s Pegasus spyware was used to target journalists and human rights activists, Apple was under pressure to strengthen cooperation with its Silicon Valley competitors to counter the common threat of surveillance technology.
Amnesty International analyzed dozens of smartphones The goals of the National Bureau of Statistics client, Said that even the latest versions of iPhone and iOS software have found vulnerabilities, and Apple’s marketing statement on the superior security and privacy of its devices has been “torn.”
“Thousands of iPhones may be hacked,” said Danna Ingleton, deputy director of Amnesty International’s technology department. “This is a global problem-anyone and everyone is at risk, and even technology giants like Apple are not able to cope with the large-scale surveillance at hand.”
Security researchers said that Apple can take more steps to solve this problem by cooperating with other technology companies, sharing detailed information about the vulnerabilities and reviewing their software updates.
Aaron Cockerill, chief strategy officer of mobile security provider Lookout, said: “Unfortunately, Apple has done a poor job of this kind of cooperation.” He described iOS as a “black box”, which is compared to Google’s Android. Easier to identify malicious behavior “”.
Amnesty International collaborates with news non-profit organizations Taboo story And the 17 media partners of the “Pegasus Project” to determine the so-called surveillance targets.
The National Bureau of Statistics stated that its technology is only designed to target criminal or terrorist suspects, and described the Pegasus project as “false accusations” and “full of false assumptions and unproven theories.”
Amnesty the study It has been discovered that multiple attempts to steal data and eavesdrop on data on the iPhone using so-called “zero-click” attacks through Apple’s iMessage, this attack does not require the user to click on the link.
Citizen Lab researcher Bill Marczak (Bill Marczak), a non-profit organization that has extensively documented NSO strategies, said that Amnesty International’s findings indicate that Apple has a “major flashing red five-level alert problem with regard to iMessage security. “.
A similar “zero-click” Pegasus attack is determine Use Facebook’s WhatsApp Messenger in 2019.
The head of WhatsApp, Will Cathcart (Will Cathcart) called the latest information disclosed as “a wake-up call for Internet security.” In a series of tweets, he pointed out the steps taken by technology companies such as Google, Microsoft, and Cisco to counter Pegasus and other commercial spyware tools.
But Apple, which has a long-standing feud with Facebook over iPhone privacy control issues, did not appear on his list of collaborators.
“We need more companies, especially the government, to take steps to hold the NSO Group accountable,” Cathcart Say.
Lookout’s Cockerill said that while Apple “does a good job protecting consumers,” it “should work more with companies like me” to prevent things like Pegasus.
“The biggest difference between Apple and Google is transparency,” Cokerrill said.
Apple insisted that it did cooperate with external security researchers, but chose not to disclose these activities. This includes paying millions of dollars in “security bounty” rewards each year to discover vulnerabilities and provide researchers with their hardware.
“For more than ten years, Apple has been the industry leader in security innovation. Therefore, security researchers agree The iPhone is the safest and safest consumer mobile device on the market,” Apple said in a statement.
“Attacks like the one described are very complex, cost millions of dollars to develop, usually have a short shelf life, and are used to target specific individuals,” Apple continued. “Although this means that they will not pose a threat to the vast majority of our users, we will continue to work tirelessly to protect all customers and continue to add new protections to their devices and data.”