
    Is Your iPhone As Safe As You Think? What Pegasus & the Zero-Click iMessage Exploit Tell Us


    Self-vigilance is perhaps the only way a user can ensure their safety and security online. Not clicking fishy links or random attachments and looking out for possible phishing attempts are a must on the internet. But what do you do when there is nothing to look out for? When the attack is so sophisticated that it requires no action on your part, with nothing fishy to even be aware of? That’s what’s been happening with the Pegasus spyware for a long time.

    Thought your iPhone and your trust in Apple will protect you? Well, we’ve got news for you.

    Pegasus Spyware That Lets Governments Hack Into Anyone’s Phones

    It’s not the first time, and it might even be happening to someone’s phone as you read this. The Pegasus software by the Israeli NSO Group uses an iMessage exploit that lets them hack your iPhone without having to make you click anything.

    Yup, that’s right. All it takes to get into your phone and steal your data is sending you the message. This attack allows access to the phone’s files, calls, contacts, messages, and even the camera and microphone. And who, you might wonder, is paying to gain this access to information? Law enforcement and governments all over the world, of course!

    A recent investigation called the Pegasus Project revealed a list with numbers of over 50,000 “people of interest” identified by the NSO’s clients. This list includes people of influence worldwide, including India, such as opposition leaders, journalists, union ministers, even Delhi University professors.


    The Particulars

    While traces of the spyware go as far back as 2014, according to the report by Amnesty International, the latest was just July 2021—on a fully-patched iPhone 12 running iOS 14.6. The report details that zero-click attacks were observed from May 2018 to right before the release of the report.

    The spyware utilises various methods to hack into phones, both iOS and Android, and has adapted over the years as Apple fixes various security bugs with updates. Some common ones found for iPhones include redirections through Safari, a possible iOS Photos exploit, the zero-click zero-day iMessage exploit mentioned above, and even possible leveraging of Apple Music.

    Though Apple released iOS 14.7 soon after the report came out, with over 37 important fixes for security vulnerabilities, these don’t seem to protect iPhones from Pegasus attacks.

    Reconsidering iPhones As Ultimate Security Devices

    When news of the Pegasus Project broke, it didn’t take long for eyes to shift towards Apple. Unsurprising, seeing as 23 of the 34 iPhones analysed by Amnesty showed signs of successful infection. In comparison, only 3 of the 15 Android phones showed evidence of a Pegasus infection. But this was only because Android logs are not comprehensive enough to store that information.

    Still, there’s something to be said for a company that markets itself on its excellence of security. After all, we’ve known about Pegasus attacks since 2016, yet there hasn’t been much of a response from the company.

    In a statement, Apple’s head of security engineering and architecture, Ivan Krstić, said:

    Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.

    Basically, what they’re saying is that the vast majority of their users are not in the section of individuals targeted by Pegasus attacks. That’s all well and good, except that a huge number of such individuals choose iPhones exactly for their famed security. And where does that leave them?

    All this isn’t to say that the iPhone doesn’t reign superior over its competitors in terms of transparency and security. Still, there’s no doubt an argument for improvement—and to not blindly trust any device, even if it’s Apple.
