How does Apple technology hold up against NSO spyware?
It is one of the technological battles of the 21st century – in which every mobile phone user has a stake. In one corner, Apple, which has more than a billion active iPhones being used across the world. In the other, companies such as Israel’s NSO Group, developing spyware designed to defeat the most sophisticated security and privacy measures.
And while Apple says it is keeping pace with surveillance tools that are used to attack its phones – it boasts of creating “the most secure consumer platform in the world” – research undertaken as part of the Pegasus project paints a more worrying picture... suggest[ing] that even the most up-to-date iPhones running the latest operating system have still been penetrated by NSO Group’s Pegasus spyware.
... The disclosure points to a problem security researchers have been warning about for years: that despite its reputation for building what is seen by millions of customers as a secure product, some believe Apple’s closed culture and fear of negative press have harmed its ability to provide security for those targeted by governments and criminals.
... Another Citizen Lab researcher, John Scott-Railton, said it was important for companies such as Apple to defend against threats by “constantly tracking them” and anticipating what might come next. “If you don’t do that, you can’t really build a secure product, because as much as you talk about what potential threats exist against your platform, lots of clever people will find threats that you don’t know [about],” he said.
Even as Apple’s peers in the tech industry have begun to cry foul on advances by companies such as NSO, and have claimed they pose a grave threat to cybersecurity, Apple has largely stayed out of the fray. In a recent court submission filed in support of WhatsApp, the messaging app that is suing NSO Group in California, companies from Microsoft to Cisco created a coalition and filed a statement saying NSO made ordinary people less safe. Apple did not join the submission.
... In a statement, the iPhone maker said: “Apple unequivocally condemns cyber-attacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market.”
Apple also said that security was a dynamic field and that its BlastDoor was not the end of its efforts to secure iMessage.
“Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals,” it said. “While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”