Apple condemns Pegasus spyware attack, says it is working on added protection

Apple has also noted that such attacks do not affect an overwhelming number of users and has said that the company is now working on added protections.


HIGHLIGHTS

  1. According to the forensic methodology report by Amnesty, Apple’s iPhone is the easiest to snoop on using the Pegasus software.
  2. Apple called such attacks “highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”
  3. The leaked database shows that iPhones running iOS 14.6 contain a zero-click iMessage exploit and this exploit could have been used to install Pegasus software.

Apple, the tech giant which emphasises user privacy, was a victim of the Pegasus spyware attack that snooped on journalists, activists and some government officials. In fact, according to the forensic methodology report by Amnesty, Apple’s iPhone is the easiest to snoop on using the Pegasus software. The leaked database shows that iPhones running iOS 14.6 contain a zero-click iMessage exploit and this exploit could have been used to install Pegasus software on the iPhone devices of the targeted entities. The Cupertino giant has now released a statement condemning the attack. It has also noted that such attacks do not affect an overwhelming number of users and has said that the company is now working on added protections.

Apple’s Head of Security Engineering and Architecture, Ivan Krstić, said in a statement, “Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.”

A report by Amnesty International, a global organisation dedicated to fighting the abuse of human rights, noted that the spyware can work on any smartphone, and discovered that it was still using the iMessage exploit that was previously thought to have been fixed.

This exploit was discovered by Citizen Lab previously. Zero-click attacks do not require input from the user to trigger, are virtually undetectable, and run in the background. Apple had introduced the BlastDoor framework in iOS 14 to make zero-click attacks difficult, but it does not seem to be working as intended, as researcher Bill Marczak noted.

“AmnestyTech saw an iOS 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. We at @citizenlab also saw 14.6 devices hacked with a zero-click iMessage exploit to install Pegasus. All this indicates that NSO Group can break into the latest iPhones,” Marczak wrote on Twitter. “It also indicates that Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security that their BlastDoor Framework (introduced in iOS 14 to make zero-click exploitation more difficult) ain't solving,” he added.
