The iPhone is not that secure, and the Pegasus hack proved it
Apple's CEO Tim Cook has been on tape many times extolling the privacy and security virtues of the iOS software and its most common carriers, the world's iPhones.
During the Facebook ad targeting debacle, Tim Cook sat down for an interview, and, when asked what he would do if he was Mark Zuckerberg at the time, quickly replied: "I wouldn’t be in this situation." Pressed again, he clarified the point further: "We could make a ton of money if our customer was our product. We’ve elected not to do that."
Not only that, but Apple prides itself in providing secure software that is very hard for malware or viruses to penetrate, and a secure communication platform like iMessage that has been end-to-end encrypted. Even the FBI hit a brick wall when it probed Apple to unlock the iPhones and extract the messaging history of the San Bernardino shooters, for instance.
How secure is the iPhone?
Very, it turns out, for the aforementioned reasons, and the built-in security or privacy protections of the iPhone are certainly more robust than on your regular Android phone that is not the Freedom Phone. We kid, but even with iPhone, there are cracks in the system, whether for legal reasons, or when skilled and determined cyber security honchos are involved.
Recently, for example, Apple notified some Congressmen from the House Intelligence Committee, and their staffers as well as family members, that it has been subpoenaed by the Justice Department to deliver their records.
Still, Apple turned in metadata as well as account information, not emails, photos, or actual message content, just the minimum it is required to reveal by law, if that's of any comfort to those that were on the receiving end of the subpoenas.
Sunday's bombshell revelation about the Israeli company's NSO Pegasus spyware that was supposed to help law enforcement in tracking criminals but ended up installed on the phones of dissidents, government opposition figures, human rights advocates and journalists across the globes, is a real red strobing light.
Yes, the Pegasus spyware can be installed on iPhones even if you don't click on a link, Amnesty International reports. Its Forensic Methodology Report debunks NSO's claims that its spyware product is exclusively used to "investigate terrorism and crime," for instance.
Amnesty found "forensic traces left on iOS and Android devices following targeting with the Pegasus spyware" that included phones of human rights defenders and journalists alike. Surprise, surprise, even those of the targeted individuals who had iPhones weren't safe from the so-called "zero-click" attacks that require no input from the user, so they might not even be aware they are running spyware even though they did everything right and didn't click on any suspicious link or whatnot.
"Most recently, a successful "zero-click" attack has been observed exploiting multiple zero-days to attack a fully patched iPhone 12 running iOS 14.6 in July 2021," says Amnesty International's Forensic Methodology Report which should raise the hair on the neck of anyone who thought they are safe just by using an iPhone.
These phone hacking devices or software have become somewhat of a cottage industry over in Israel, where the spycraft and its civilian applications intermingle more successfully than anywhere else, so it comes as a little surprise that the NSO Group has managed to create such a sophisticated iPhone and Android hacking platform.
After all, another Israeli firm was behind the notorious Cellebrite machine that law enforcement in the US, and probably some less than palatable characters too, use to gain access to your Verizon, AT&T or T-Mobile iPhones.
In any case, Apple will probably try and plug the exploit that allowed the Pegasus spyware to be installed on its iPhones in the coming iOS updates... until the next time when another exploit is used and we only learn about it post factum.