Pegasus, the new global weapon for silencing journalists: “The iPhone is not bulletproof against cyberattacks”. With an interesting security assertion for Apple.

Apple should be more like Microsoft?

20 July 2021 – Apple has long touted iPhone’s superior security features compared to Androids. But the Pegasus story now screaming across every mainstream media outlet and every social media outlet indicates even the most recent iPhones can fall victim to spyware. Almost all of the phones either infected or attacked by Pegasus were iPhones. Vulnerabilities were found in iMessage, WhatsApp and Photo, among other locations. Amnesty International said potentially thousands of iPhones were compromised. Apple says Pegasus attacks “are not a threat to the overwhelming majority of our users” but two of my staffers were infected because of the investigatory work I am doing in Malta. (I use an iPhone for investigatory work but the device ID is not linked to me and no staffer communicates with me via that phone).

Earlier today we published for our cyber security and digital media subscribers a detailed briefing note on Pegasus spyware and how it hacks phones. That is for our paying subscribers and I cannot share it, but I can recommend a very good piece in The Guardian which covers the main points very well and which you can access by clicking here.

One article on Apple I do want to draw your attention to is “Pegasus: The New Global Weapon for Silencing Journalists”. I note this interesting assertion:

“The iPhone is not bulletproof against cyberattacks”.

I agree. The write up continues: Vendors of specialized software and services have an advantage. Here’s why:

“attackers, partly because of their sheer number, will manage to stay a step ahead of the tech giant”.

The idea, I think, is that Apple is one outfit. There are more attackers than Apple security wizards. The result? Apple is now playing defense and is in reaction mode. Is there a fix? Well, sort of. The article notes:

“Patrick Wardle, founder of the Mac security developer Objective-See, in the same report, noted Apple’s ‘self-assured hubris’ on its security features, and the closed system of the iPhone that prevents security researchers from seeing processes running under the hood, could also be factors that cyber-attackers could use for their gain.

On Apple’s hubris, Wardle said, for instance, Microsoft would be more open to reports coming from security researchers whereas Apple would be a little more standoffish. Microsoft would more likely say, ‘We’re gonna put our ego aside, and ultimately realize that the security researchers are reporting vulnerabilities that at the end of the day are benefiting our users, because we’re able to patch them.’

I don’t think Apple has that same mindset.”

What an interesting idea! Apple should be more like Microsoft.

Bottom line: As noted in The Guardian article and by every cybersecurity expert I have consulted, NSO has invested substantial effort in making its software difficult to detect and Pegasus infections are now very hard to identify. Security researchers suspect more recent versions of Pegasus only ever inhabit the phone’s temporary memory, rather than its hard drive, meaning that once the phone is powered down virtually all trace of the software vanishes. One of the most significant challenges that Pegasus presents to journalists and human rights defenders is the fact that the software exploits undiscovered vulnerabilities, meaning even the most security-conscious mobile phone user cannot prevent an attack.

The question being asked in every media story: “What can I do to stop this happening again?” The short answer? Not a goddamn thing.
