Apple Should Do More to Protect iPhone Users vs Spyware: Researchers

An international group of researchers and journalists made up of individuals from Amnesty International, Forbidden Stories, and over a dozen other organizations, known collectively as the Pegasus Project, recently published a report with forensic evidence of the NSO Group’s notorious Pegasus spyware infecting (or targeting) at least 37 iOS and Android devices — reports Wired.

Pegasus is a suite of malicious utilities designed by Israeli cyber intelligence firm NSO Group, capable of infecting and extracting private data from any Android or iOS device.

The researchers also examined a leaked list of 50,000 phone numbers associated with activists, journalists, corporate executives, and politicians from across the globe that were all potential targets of surveillance via the Pegasus spyware.

Considering Apple’s emphasis on privacy and security in both product design and marketing, the bar is set much higher for the iPhone maker.

Apple keeps its entire ecosystem ‘exclusive’ to its own devices, denies third-parties access to its technologies and code, exacts a heavy premium from its consumers, and prevents even its own users from accessing core iPhone functions — all in the name of security.

Matthew Green, a cryptographer from Johns Hopkins University, said the following about Apple:

“Apple is trying, but the problem is they aren’t trying as hard as their reputation would imply.”

Google’s Android is completely open-source, making it possible for even third-party security analysts to research how spyware like Pegasus attacks and exploits vulnerabilities within the OS. iOS, on the other hand, is kept under better lock-and-key, making it pretty hard for independent analysts to get anywhere, much to their dismay.

Apple introduced the ‘BlastDoor Framework’ with iOS 14 that was designed to curb attacks targeting zero-click exploits, which didn’t even require any taps or downloads from the user for a successful infection. Despite those efforts, however, iOS still remains vulnerable to Pegasus.

Ivan Krstić, head of Apple security engineering and architecture, said the following in a statement:

Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.