- Apple’s iPhones are much less secure than Apple says, according to a new report.
- “Apple has a BIG flashing red femalarm fire problem with iMessage security,” said a cyber security researcher.
- An iMessages security breach was used by an Israeli spyware company to give hackers access to iPhones.
Apple’s iPhone is not as secure as Apple says it is, according to a bombshell new report from a group of media and Amnesty International.
“Apple has a BIG flashing red five-alarm fire issue with iMessage security,” Citizen’s Lab Senior Research Fellow Bill Marczak said on Sunday.
Hackers were allegedly able to remotely access and replicate data from phones linked to 37 people, mainly journalists and executives, using a software tool called Pegasus created by the NSO Group.
The software is sold to authorities and is considered a hacker service of a military nature. With Pegasus, hackers are able to infect phones with so-called “zero-click” texts through iMessage, which means that the target user does not even have to interact with the text to get the phone broken.
Furthermore, the report found that even the most up-to-date firmware and iPhone hardware can be broken by Pegasus.
Forensic reports completed by Amnesty International and verified by Citizen’s Lab found that even iPhones running iOS 14.6, the latest version of Apple’s mobile operating system, were hacked. “All of this indicates that the NSO Group can break into the latest iPhones,” Marczak said.
One such target with an iPhone was the fiancée of the slain Washington Post reporter Jamal Khashoggi, according to the report. A forensic analysis of Hatice Cengiz’s iPhone found evidence of several violations that began in early October 2018 – immediately after Khashoggi’s assassination attempt on October 2, 2018.
“Why do people say that the iPhone is the more secure phone that no one can hack?” Cengiz asks Washington Post reporter Dana Priest in a recent PBS Frontline segment regarding spyware. “That’s what [Apple] says the company, “Priest responds.” It is not true. “
Following the report, the NSO Group issued a statement reprimanding its findings and threatening a potential lawsuit. “We strongly deny the false allegations in the report,” the statement said. “These allegations are so outrageous and far from reality that the NSO is considering a defamation case.”
Apple representatives did not immediately respond to a request for comment regarding the specific iPhone security issues described in the report, and it is unclear whether an update will patch the exploit.
“For over a decade, Apple has been leading the industry in security innovation, and as a result, security researchers agree that the iPhone is the safest and most secure consumer mobile device on the market,” Apple Security Engineering Chief Ivan Krstić said in a statement to Insider. “Attacks such as those described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life and are used to target specific individuals. Although that means they are not a threat to the vast majority of our users,” we work tirelessly to defend all our customers, and we are constantly adding new protection for the devices and their data. ”
Read the full report on Pegasus spyware and iPhone security here.
Do you have a tip? Contact senior correspondent Ben Gilbert via email (email@example.com), or Twitter DM (@realbengilbert). We can keep sources anonymous. Use a non-work unit to reach out. PR places only via email, please.