Skip to main content

Apple condemns Pegasus spyware attack, says it is working on added protection

 Apple condemns Pegasus spyware attack, says it is working on added protection.. 

Apple has also noted that such attacks do not affect an overwhelming number of users and has said that the company is now working on added protections.


HIGHLIGHTS

  1. According to the forensic methodology report by Amnesty, Apple’s iPhone is the easiest to snoop on using the Pegasus software.
  2. Apple called such attacks “highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”
  3. The leaked database shows that iPhones running iOS 14.6 contain a zero-click iMessage exploit and this exploit could have been used to install Pegasus software

Apple, the tech giant which emphasises user privacy, was a victim of Pegasus spyware attack that snooped on journalists, activists and some government officials. In fact, according to the forensic methodology report by Amnesty, Apple’s iPhone is the easiest to snoop on using the Pegasus software. The leaked database shows that iPhones running iOS 14.6 contain a zero-click iMessage exploit and this exploit could have been used to install Pegasus software on the iPhone devices of the targeted entities. The Cupertino giant has now released a statement condemning the attack. It has also noted that such attacks do not affect an overwhelming number of users and has noted that the company is now working on added protections.

Apple’s Head of Security Engineering and Architecture, Ivan Krsti, in a statement said, "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data,” the Apple spokesperson added.A report by Amnesty International, a global organisation which is dedicated to fighting the abuse of human rights noted that the spyware can work on any smartphone, and discovered that it was still using the iMessage exploit that was previously thought to have been fixed.

This exploit was discovered by Citizen Labs previously. Zero click attacks do not require input from the user to trigger, are virtually undetectable, and run in the background. Apple had introduced a Blastdoor framework in iOS 14 to make zero clock attacks difficult but it does not seem to be working as intended as researcher Bill Marczac.

“AmnestyTech saw an iOS 14.6 device hacked with a zero-click iMessage exploit to install Pegasus. We at @citizenlab also saw 14.6 devices hacked with a zero-click iMessage exploit to install Pegasus. All this indicates that NSO Group can break into the latest iPhones,” Marczac wrote on Twitter. “It also indicates that Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security that their BlastDoor Framework (introduced in iOS 14 to make zero-click exploitation more difficult) ain't solving,” he added

Comments

Post a Comment

Popular posts from this blog

INTERNET OF THINGS (IOT)

  Internet of Things (IoT) Another promising new technology trend is IoT. Many “things” are now being built with WiFi connectivity, meaning they can be connected to the Internet—and to each other. Hence, the Internet of Things, or IoT. The Internet of Things is the future, and has already enabled devices, home appliances, cars and much more to be connected to and exchange data over the Internet. As consumers, we’re already using and benefitting from IoT. We can lock our doors remotely if we forget to when we leave for work and preheat our ovens on our way home from work, all while tracking our fitness on our Fitbits. However, businesses also have much to gain now and in the near future. The IoT can enable better safety, efficiency and decision making for businesses as data is collected and analyzed. It can enable predictive maintenance, speed up medical care, improve customer service, and offer benefits we haven’t even imagined yet. And we’re only in the beginni...
Post a Comment
Read more

CNET

  CNET Founder:  Halsey Minor, Shelby Bonnie Year Started:  1994 Domain Authority:  93 Following the latest trends in consumer technology with steadfast precision,  CNET  is one of the top technology blogs you can find on this list. CNET stays ahead of the curve by spreading its hands on all sorts of incredible tech products, trends and offering unbiased reviews. It offers trusty guides, instructional videos, and up-to-the-minute news on everything from technology to sports. Especially, when considering to buy a new gadget, CNET should be your first stop to provide a genuine review, pricing, making it one of the best technology blogs to check out.  
1 comment
Read more

ADOPTION OF PASSWORDLESS SECURITY TAKES OFF AMID COVID-19

Adoption of passwordless security takes off amid COVID-19 E nterprises worldwide are accelerating the adoption of passwordless authentication technologies in response to the increase in cybersecurity threats in 2020, according to a new report released by HYPR, The Passwordless Company and Cybersecurity Insiders. The report " The 2021 State of Passwordless  Security " includes insights from over 425 information technology professionals, representing a cross-section of organizations of varying sizes across multiple industry verticals, globally. It uncovered the key drivers and barriers to passwordless adoption and organizations' technology preferences, based on data from Cybersecurity's 500,000-member community. 90% of survey respondents experienced phishing attacks against their organizations in 2020, 29% of those experienced credential stuffing – revealing the impact of remote working and the overall increase in attacks on legacy and password-based multi-factor aut...
1 comment
Read more