MacRumors

macrumors bot
Original poster
Apr 12, 2001
54,213
16,028


Following the news of widespread commercial hacking spyware on targeted iPhones, a large number of security researchers are now saying that Apple could do more to protect its users (via Wired).

tim-cook-privacy.jpg

Earlier this week, it was reported that journalists, lawyers, and human rights activists around the world had been targeted by governments using phone malware made by the surveillance firm NSO Group known as "Pegasus."

Now, security researchers are stating that Apple could and should do more to protect its users against advanced surveillance tools like Pegasus. Independent security researcher Cedric Owens told Wired:
It definitely shows challenges in general with mobile device security and investigative capabilities these days. I also think seeing both Android and iOS zero-click infections by NSO shows that motivated and resourced attackers can still be successful despite the amount of control Apple applies to its products and ecosystem.
The security community has frequently criticized Apple for its limits on the ability to conduct forensic investigations into the security of iOS and the use of monitoring tools. A greater level of access to the operating system itself would, they claim, help to catch attacks and vulnerabilities more easily. For example, combating spyware like Pegasus would need access to read a device's filesystem, the ability to examine which processes are running, access to system logs, and more.

Android also places limits on "observability," but the locked-down nature of iOS, in particular, has drawn the ire of security researchers because Apple has heavily leaned into its focus on privacy and strong security protections, especially compared to other platforms. SentinelOne threat researcher Juan Andres Guerrero-Saade commented:
The truth is that we are holding Apple to a higher standard precisely because they're doing so much better. Android is a free-for-all. I don't think anyone expects the security of Android to improve to a point where all we have to worry about are targeted attacks with zero-day exploits.

Johns Hopkins University cryptographer Matthew Green similarly said: "Apple is trying, but the problem is they aren't trying as hard as their reputation would imply." iOS security researcher Will Strafach suggested that there are many options open for Apple to allow observation and imaging of iOS devices to catch bad actors in a safe environment.

On the other hand, there is a level of concern in the security community that more openness and an increased number of system indicators could inadvertently give attackers more leverage. For example, there are already suspicious applications on macOS that antivirus tools cannot fully remove since the system gives them a heightened level of trust, potentially by mistake. It is likely that any new system privileges in iOS would likewise be used by rogue analysis tools.

Nevertheless, the discovery of Pegasus and its severity is prompting discourse around device security and calls for Apple to do more to prevent surveillance, as well as discussion around the potential need for a government-supported global ban on private spyware.

Article Link: Apple Not Trying Hard Enough to Protect Users Against Surveillance, Researchers Say
 
  • Like
Reactions: RandomDSdevel

thadoggfather

macrumors G5
Oct 1, 2007
13,637
12,524
Oh really? What do these same researchers have to say about Google, Amazon, Facebook et al?

its sad imo this is the knee-jerk reaction vs just examining things as they stand, insulated in a bubble, specific to Apple.

It's ok guys - we can expect more of the fruit company, and our devices won't suddenly Thanos themselves if we were to.
 
Comment

nikaru

macrumors 6502a
Apr 23, 2009
865
969
"A greater level of access to the operating system itself would, they claim, help to catch attacks and vulnerabilities more easily. "

Sure...just like making easier for thieves to enter my home, I actually make it safer because it is easier to catch them.
 
Comment

Wildkraut

macrumors 68000
Nov 8, 2015
1,793
2,780
Germany
Apple is the king of lip service while Google fixes their security vulnerabilities.
Good that you mentioned this, a lot of Apple OS vulnerabilities is found and reported by Googles Project Zero Team.
If I were Google, I would stop freely reporting vulnerabilities to Apple, or ask for big sums for more infos.
Google is better at securing iOS than Apple itself, what a joke!
 
Comment

clueless88

macrumors regular
Aug 23, 2020
136
66
Oh it's another one of those American nuts again....
No, it's probably one of those people who actually read and understood Orwell's book. This is not just an American concern, look at Britain, France, Germany.... When I read 1984 decades ago, I found it disturbing but was glad that it was fiction. I re-read it last year and found it disturbing because there is a tremendous amount of overlap between Orwell's book and current technology/geopolitical environment. Again, not just limited to the US.

Data harvesting is a huge business.
 
Comment

Just sayin...

macrumors 6502
Jan 8, 2008
336
540
I’ve said it before and I’ll say it again: unless and until Apple provides full, end-to-end encryption for iCloud backups, their privacy/security words are merely “marketing-speak”.

 
Comment
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.