scorecardresearch

Apple condemns Pegasus spyware attack, says it is working on added protection

Apple has also noted that such attacks do not affect an overwhelming number of users and has said that the company is now working on added protections.

(Picture : Reuters) (Picture : Reuters)
Story highlights
  • According to the forensic methodology report by Amnesty, Apple’s iPhone is the easiest to snoop on using the Pegasus software.
  • Apple called such attacks “highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”
  • The leaked database shows that iPhones running iOS 14.6 contain a zero-click iMessage exploit and this exploit could have been used to install Pegasus software.

Apple, the tech giant which emphasises user privacy, was a victim of Pegasus spyware attack that snooped on journalists, activists and some government officials. In fact, according to the forensic methodology report by Amnesty, Apple's iPhone is the easiest to snoop on using the Pegasus software. The leaked database shows that iPhones running iOS 14.6 contain a zero-click iMessage exploit and this exploit could have been used to install Pegasus software on the iPhone devices of the targeted entities. The Cupertino giant has now released a statement condemning the attack. It has also noted that such attacks do not affect an overwhelming number of users and has noted that the company is now working on added protections.

Apple's Head of Security Engineering and Architecture, Ivan Krsti, in a statement said, "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data," the Apple spokesperson added.

A report by Amnesty International, a global organisation which is dedicated to fighting the abuse of human rights noted that the spyware can work on any smartphone, and discovered that it was still using the iMessage exploit that was previously thought to have been fixed.

This exploit was discovered by Citizen Labs previously. Zero click attacks do not require input from the user to trigger, are virtually undetectable, and run in the background. Apple had introduced a Blastdoor framework in iOS 14 to make zero clock attacks difficult but it does not seem to be working as intended as researcher Bill Marczac.

"AmnestyTech saw an iOS 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. We at @citizenlab also saw 14.6 devices hacked with a zero-click iMessage exploit to install Pegasus. All this indicates that NSO Group can break into the latest iPhones," Marczac wrote on Twitter. "It also indicates that Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security that their BlastDoor Framework (introduced in iOS 14 to make zero-click exploitation more difficult) ain't solving," he added.