Amnesty’s research found that several attempts to steal data and eavesdrop on iPhones had been made through Apple’s iMessage using so-called “zero-click” attacks, which work without the user needing to tap a link. NSO, which says its technology was designed only to target criminal or terrorist suspects, has described the Pegasus Project’s claims as “false allegations” and “full of wrong assumptions and uncorroborated theories”. Bill Marczak, research fellow at Citizen Lab, a non-profit group that has extensively documented NSO’s tactics, said Amnesty’s findings suggested that Apple had a “major blinking red five-alarm-fire problem with iMessage security”.
“Apple unfortunately do a poor job at that collaboration,” said Aaron Cockerill, chief strategy officer at Lookout, a mobile security provider, describing iOS as a “black box” compared with Google’s Android, where it is “much easier to identify malicious behaviour”. Security researchers say that Apple could do more to tackle the problem by working with other tech companies to share details about vulnerabilities and vet their software updates.
Amnesty worked with the journalism non-profit Forbidden Stories and 17 media partners on the “Pegasus Project” to identify alleged targets of surveillance. “Thousands of iPhones have potentially been compromised,” said Danna Ingleton, deputy director of Amnesty’s tech unit. “This is a global concern — anyone and everyone is at risk, and even technology giants like Apple are ill-equipped to deal with the massive scale of surveillance at hand.”
“We need more companies, and, critically, governments, to take steps to hold NSO Group accountable,” Cathcart said. While Apple does “a great job protecting consumers”, said Lookout’s Cockerill, it “should be more collaborative with firms like my own” to protect against attacks such as Pegasus. But Apple, with whom Facebook has a long-running feud over the iPhone’s privacy controls, was absent from his list of collaborators.
Will Cathcart, head of WhatsApp, called the latest disclosures a “wake-up call for security on the internet”. In a series of tweets, he pointed to steps from tech companies including Google, Microsoft and Cisco that have sought to push back against Pegasus and other commercial spyware tools. A similar kind of “zero-click” Pegasus attack was identified using Facebook-owned WhatsApp messenger in 2019.
The News Highlights
- Apple under pressure on iPhone security after NSO spyware claims
- Check the latest News news updates and information about business, finance and more.
For Latest News Follow us on Google News
- Show all
- Trending News
- Popular By week