Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
58,096
21,184


Following the news of widespread commercial hacking spyware on targeted iPhones, a large number of security researchers are now saying that Apple could do more to protect its users (via Wired).

tim-cook-privacy.jpg

Earlier this week, it was reported that journalists, lawyers, and human rights activists around the world had been targeted by governments using phone malware made by the surveillance firm NSO Group known as "Pegasus."

Now, security researchers are stating that Apple could and should do more to protect its users against advanced surveillance tools like Pegasus. Independent security researcher Cedric Owens told Wired:
It definitely shows challenges in general with mobile device security and investigative capabilities these days. I also think seeing both Android and iOS zero-click infections by NSO shows that motivated and resourced attackers can still be successful despite the amount of control Apple applies to its products and ecosystem.
The security community has frequently criticized Apple for its limits on the ability to conduct forensic investigations into the security of iOS and the use of monitoring tools. A greater level of access to the operating system itself would, they claim, help to catch attacks and vulnerabilities more easily. For example, combating spyware like Pegasus would need access to read a device's filesystem, the ability to examine which processes are running, access to system logs, and more.

Android also places limits on "observability," but the locked-down nature of iOS, in particular, has drawn the ire of security researchers because Apple has heavily leaned into its focus on privacy and strong security protections, especially compared to other platforms. SentinelOne threat researcher Juan Andres Guerrero-Saade commented:
The truth is that we are holding Apple to a higher standard precisely because they're doing so much better. Android is a free-for-all. I don't think anyone expects the security of Android to improve to a point where all we have to worry about are targeted attacks with zero-day exploits.

Johns Hopkins University cryptographer Matthew Green similarly said: "Apple is trying, but the problem is they aren't trying as hard as their reputation would imply." iOS security researcher Will Strafach suggested that there are many options open for Apple to allow observation and imaging of iOS devices to catch bad actors in a safe environment.

On the other hand, there is a level of concern in the security community that more openness and an increased number of system indicators could inadvertently give attackers more leverage. For example, there are already suspicious applications on macOS that antivirus tools cannot fully remove since the system gives them a heightened level of trust, potentially by mistake. It is likely that any new system privileges in iOS would likewise be used by rogue analysis tools.

Nevertheless, the discovery of Pegasus and its severity is prompting discourse around device security and calls for Apple to do more to prevent surveillance, as well as discussion around the potential need for a government-supported global ban on private spyware.

Article Link: Apple Not Trying Hard Enough to Protect Users Against Surveillance, Researchers Say
 
  • Like
Reactions: RandomDSdevel

nikaru

macrumors 6502a
Apr 23, 2009
992
1,231
"A greater level of access to the operating system itself would, they claim, help to catch attacks and vulnerabilities more easily. "

Sure...just like making easier for thieves to enter my home, I actually make it safer because it is easier to catch them.
 

Wildkraut

macrumors 68030
Nov 8, 2015
2,922
5,523
Germany
Apple is the king of lip service while Google fixes their security vulnerabilities.
Good that you mentioned this, a lot of Apple OS vulnerabilities is found and reported by Googles Project Zero Team.
If I were Google, I would stop freely reporting vulnerabilities to Apple, or ask for big sums for more infos.
Google is better at securing iOS than Apple itself, what a joke!
 

clueless88

macrumors regular
Aug 23, 2020
155
75
Oh it's another one of those American nuts again....
No, it's probably one of those people who actually read and understood Orwell's book. This is not just an American concern, look at Britain, France, Germany.... When I read 1984 decades ago, I found it disturbing but was glad that it was fiction. I re-read it last year and found it disturbing because there is a tremendous amount of overlap between Orwell's book and current technology/geopolitical environment. Again, not just limited to the US.

Data harvesting is a huge business.
 

Just sayin...

macrumors 6502
Jan 8, 2008
378
605
I’ve said it before and I’ll say it again: unless and until Apple provides full, end-to-end encryption for iCloud backups, their privacy/security words are merely “marketing-speak”.

 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.