Self-vigilance is perhaps the only way a user can ensure their safety and security online. Not clicking fishy links or random attachments and looking out for possible phishing attempts are a must on the internet. But what do you do when there is nothing to look out for? When the attacks are so sophisticated that they require no action on your part, with nothing fishy to even be aware of? That’s what’s been happening with the Pegasus spyware for a long time.
Thought your iPhone and your trust in Apple would protect you? Well, we’ve got news for you.
Pegasus Spyware That Lets Governments Hack Into Anyone’s Phones
It’s not the first time, and it might even be happening to someone’s phone as you read this. The Pegasus software by the Israeli NSO Group uses an iMessage exploit that lets its operators hack your iPhone without having to make you click anything.
Yup, that’s right. All it takes to get into your phone and steal your data is sending you a message. This attack allows access to the phone’s files, calls, contacts, messages, and even the camera and microphone. And who, you might wonder, is paying to gain this access to information? Law enforcement and governments all over the world, of course!
A recent investigation called the Pegasus Project revealed a list with the numbers of over 50,000 “people of interest” identified by the NSO’s clients. This list includes people of influence worldwide, India included, such as opposition leaders, journalists, union ministers, and even Delhi University professors.
While traces of the spyware go as far back as 2014, according to the report by Amnesty International, the latest was as recent as July 2021, on a fully patched iPhone 12 running iOS 14.6. The report details that zero-click attacks were observed from May 2018 to right before the release of the report.
The spyware utilises various methods to hack into phones, both iOS and Android, and has adapted over the years as Apple fixes various security bugs with updates. Some common ones found for iPhones include redirections through Safari, a possible iOS Photos exploit, the zero-click zero-day iMessage exploit mentioned above, and even possible leveraging of Apple Music.
Though Apple released iOS 14.7 soon after the report came out, with over 37 important fixes for security vulnerabilities, these don’t seem to protect iPhones from Pegasus attacks.
Reconsidering iPhones As Ultimate Security Devices
When news of the Pegasus Project broke, it didn’t take long for eyes to shift towards Apple. Unsurprising, seeing as 23 of the 34 iPhones analysed by Amnesty showed signs of successful infection. In comparison, only 3 of the 15 Android phones showed evidence of a Pegasus infection. But this was only because Android logs are not comprehensive enough to store that information.
Still, there’s something to be said for a company that markets itself on its excellence of security. After all, we’ve known about Pegasus attacks since 2016, yet there hasn’t been much of a response from the company.
In a statement, Apple’s head of security engineering and architecture, Ivan Krstić, said:
“Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”
Basically, what they’re saying is that the vast majority of their users are not among the individuals targeted by Pegasus attacks. That’s all well and good, except that a huge number of such individuals choose iPhones exactly for their famed security. And where does that leave them?
All this isn’t to say that the iPhone doesn’t reign superior over its competitors in terms of transparency and security. Still, there’s no doubt an argument for improvement, and for not blindly trusting any device, even if it’s Apple.