NSO spyware a step ahead of 'secure' iPhone

Apple has always touted its devices, especially its iPhone, as some of the most secure and privacy-protected products in the market. There's a general belief among consumers that this is indeed true, and that Apple products are less vulnerable to computer viruses and all sorts of cyber troubles.

But the recent reports from Project Pegasus, an international media investigation about Israel's NSO Group and its Pegasus spyware, break what has turned out to be a myth. The iPhone is not bulletproof against cyberattacks.

Amnesty International's Security Lab found the Pegasus spyware or traces of its infection on both iPhone and Android devices. Its head, Claudio Guarneri, told The Guardian there's "no doubt" that even the latest versions of iOS could be penetrated by Pegasus, and that attackers, partly because of their sheer number, will manage to stay a step ahead of the tech giant.

While the investigation concedes that only a fraction of the phones linked to the 50,000 Pegasus targets could be tested, there is enough to show that the spyware company NSO has not been deterred by protections made by tech companies including Apple.

One of the newer iPhone security advancements, BlastDoor, introduced in January 2021, is supposed to protect from iMessage intrusions by screening suspicious messages before it could do further damage. This has been beaten too, as Pegasus has been found in Apple's latest iOS versions.

The Guardian quotes Bill Marczak, a fellow at the University of Toronto's Citizen Lab: “We have seen Pegasus deployed through iMessage against Apple’s latest version of iOS, so it’s pretty clear that NSO can beat BlastDoor."

Patrick Wardle, founder of the Mac security developer Objective-See, in the same report, noted Apple's "self-assured hubris" on its security features, and the closed system of the iPhone that prevents security researchers from seeing processes running under the hood, could also be factors that cyber-attackers could use for their gain.

On Apple's hubris, Wardle said, for instance, Microsoft would be more open to reports coming from security researchers whereas Apple would be a little more standoffish. Microsoft would more likely say, "'We’re gonna put our ego aside, and ultimately realize that the security researchers are reporting vulnerabilities that at the end of the day are benefiting our users, because we’re able to patch them.’ I don’t think Apple has that same mindset.”

Apple's reputation for being a very secure platform certainly takes a hit with these reports confirming Pegasus' intrusion. The reports don't admonish the iPhone maker, and don't provide complete technical comparisons of security capabilities between Apple and competing devices.

What they establish, however, is that just because you're using an Apple device doesn't mean you're free from threats of cyber intrusion and surveillance. – Rappler.com

Gelo Gonzales

Gelo Gonzales is Rappler’s technology editor. He covers consumer electronics, social media, emerging tech, and video games.

image