Why Apple’s walled garden can’t keep Pegasus spyware at bay

Why Apple’s walled garden can’t keep Pegasus spyware at bay

An investigation by the Guardian and 16 other media organisations around the world into a massive data leak suggests widespread abuse of NSO Group’s hacking software by government customers. The company insists it is intended for use only against criminals and terrorists but the investigation has revealed that journalists, human rights activists and opposition politicians are also being targeted. Since our phones are increasingly external brains, storing our lives in digital form, a successful deployment of Pegasus can be devastating. Messages, emails, contact details, GPS location, calendar entries and more can be extracted from the device in a matter of minutes.

You will, by now, have heard about Pegasus. It’s the brand name for a family of spyware tools sold by the NSO Group, an Israeli outfit of hackers-for-hire who sell their wares to intelligence agencies, law enforcement, and militaries around the world. developed, marketed and licensed to intelligence agencies, law enforcement and militaries around the world by the Israeli NSO Group.

On Sunday, the Guardian and its media partners began to publish the results of the investigation into the NSO Group, Pegasus, and the people whose numbers appear on the leaked list:

The Guardian and its media partners will be revealing the identities of people whose number appeared on the list in the coming days. They include hundreds of business executives, religious figures, academics, NGO employees, union officials and government officials, including cabinet ministers, presidents and prime ministers.

The list also contains the numbers of close family members of one country’s ruler, suggesting the ruler may have instructed their intelligence agencies to explore the possibility of monitoring their own relatives.

The presence of a number in the data does not reveal whether there was an attempt to infect the phone with spyware such as Pegasus, the company’s signature surveillance tool, or whether any attempt succeeded. There are a very small number of landlines and US numbers in the list, which NSO says are “technically impossible” to access with its tools – which reveals some targets were selected by NSO clients even though they could not be infected with Pegasus.

There’s a lot more to read on our site, including the fact that the numbers of almost 200 journalists were identified in the data; links to the killing of Jamal Khashoggi; and the discovery that a political rival of Narendra Modi, the autocratic leader of India, was among those whose number was found in the leaked documents.

But this is a tech newsletter, and I want to focus on the tech side of the story. Chiefly: how the hell did this happen?

The messages are coming from inside the house Pegasus affects the two largest mobile operating systems, Android and iOS, but I’m going to focus on iOS here for two reasons: one is a technical problem that I’ll get to in a bit, but the other is that, although Android is by far the most widely used mobile OS, iPhones have a disproportionately high market share among many of the demographics targeted by the customers of NSO Group.

That’s partly because they exist predominantly in the upper tiers of the market, with price tags that keep them out of the reach of much of the world’s smartphone users but still within the reach of the politicians, activists and journalists potentially targeted by governments around the world. But it’s also because they have a reputation for security. Dating back to the earliest days of the mobile platform, Apple fought to ensure that hacking iOS was hard, that downloading software was easy and safe, and that installing patches to protect against newly discovered vulnerabilities was the norm.

And yet Pegasus has worked, in one way or another, on iOS for at least five years. The latest version of the software is even capable of exploiting a brand-new iPhone 12 running iOS 14.6, the newest version of the operating system available to normal users. More than that: the version of Pegasus that infects those phones is a “zero-click” exploit. There is no dodgy link to click, or malicious attachment to open. Simply receiving the message is enough to become a victim of the malware. It’s worth pausing to note what is, and isn’t, worth criticising Apple for here. No software on a modern computing platform can ever be bug-free, and as a result no software can ever be fully hacker-proof. Governments will pay big money for working iPhone exploits, and that motivates a lot of unscrupulous security researchers to spend a lot of time trying to work out how to break Apple’s security.

But security experts I’ve spoken to say that there is a deeper malaise at work here. “Apple’s self-assured hubris is just unparalleled,” Patrick Wardle, a former NSA employee and founder of the Mac security developer Objective-See, told me last week. “They basically believe that their way is the best way.” What that means in practice is that the only thing that can protect iOS users from an attack is Apple – and if Apple fails, there’s no other line of defence.

Security for the 99% At the heart of the criticism, Wardle accepts, is a solid motivation. Apple’s security model is based on ensuring that, for the 99% – or more – for whom the biggest security threat they will ever face is downloading a malicious app while trying to find an illegal stream of a Hollywood movie, their data is safe. Apps can only be downloaded from the company’s own App Store, where they are supposed to be vetted before publication. When they are installed, they can only access their own data, or data a user explicitly decides to share with them. And no matter what permissions they are given, a whole host of the device’s capabilities are permanently blocked off from them.

The News Highlights

  • Why Apple’s walled garden can’t keep Pegasus spyware at bay
  • Check the latest update on Gaming news
Disclaimer: If you need to edit or update this news from compsmag then kindly contact us Learn more

For Latest News Follow us on Google News


Latest Headlines
  • Show all
  • Trending News
  • Popular By week
Secretary of State warns of misleading business direct mail
Boy from Siouxland goes out to raise money at the lemonade stand, ends up getting a big surprise
“We put it out there on Twitter and the next morning I woke up and our DM was full of people that wanted to either help in some way, cover the rest of it, or ...
Electric provider must pay $400,000 to resolve marketing case
Electric provider must pay $400,000 to resolve marketing case
In 2019 and 2020, the company charged customers about $2 million more than the standard service rate, the state alleged. The settlement amount will be paid ...
Apple Macs sold a total of 6 million units in Q2 due to the M1 chip push
Apple Macs sold a total of 6 million units in Q2 due to the M1 chip push
Apple in November last year introduced three new Mac devices — MacBook Air, MacBook Pro and Mac Mini — powered by the Apple M1 system on a chip (SoC). New ...
Savvy Senior: Does Medicare cover home health care?  |  community news
Savvy Senior: Does Medicare cover home health care? | community news
But be aware that Medicare will not pay for personal care aide services (for bathing, dressing, using the bathroom, etc.) alone if he does not need ...
Mississippi Students Learn Virtually During Construction
Mississippi Students Learn Virtually During Construction
“They’re working as hard and as fast as they can to get it completed,” he said. “Of course we have to have it inspected by the building code offices to make ...
Federal officials donate $6 million UIC to test treatment with COVID-19
Federal officials donate $6 million UIC to test treatment with COVID-19
Researchers hope the testing will culminate in an application to a U.S. Food and Drug Administration program overseeing how potential drugs are evaluated for ...
The Crypto Daily – Movers and Shakers – August 1, 2021
The Crypto Daily – Movers and Shakers – August 1, 2021
Across the rest of the majors, it was a mixed day on Saturday. The Rest of the Pack Bitcoin Cash SV fell by 1.60% to lead the way down, with Litecoin (-0.81%) ...
New Mexico’s Largest Dealerships to Resume Normal Billing
New Mexico’s Largest Dealerships to Resume Normal Billing
The New Mexico Public Regulation Commission prevented utilities from disconnecting service over unpaid bills during much of the pandemic. The moratorium ...
These investment mistakes will cost you money
Home First Finance Company India Limited Announces First Quarter Earnings of Fiscal Year 22
– Sharp focus on housing loans that contribute 92.4% of AUM and EWS / LIG category that forms ~77% of the customer base. – INR 4,294 Crs, growth of 18.5% over ...
Crypto Shadow Banking explained and why 12% of earnings are common
French police clashes with anti-virus pass protesters in Paris
Across the Alps, thousands of anti-vaccine pass demonstrators marched in Italian cities including Rome, Milan and Naples for the second consecutive week. ...
Show next
Compsmag - Latest News from tech, business and health
Logo