Apple has made serious mistakes this year, risking the usual blind trust in the security of its brand. But the iPhone maker has just addressed the most serious of those issues, while giving its billion-plus iPhone users a reason to check their firmware.
When Apple’s iMessage was reportedly targeted by Israeli spyware earlier this year, the iPhone maker was heavily criticized for its near silence on the attacks and for the lack of clarity for users. You’ll likely remember the iOS 14.7 debacle: the “is it fixed or isn’t” debate among security professionals, who eventually concluded that it wasn’t, probably.
The issue for Apple was twofold. First, that its “black box” approach to keeping its OS locked down from security analysts and software made it difficult for anyone to conclude or confirm anything of consequence unless it came from Apple; and second, that Apple wasn’t saying much beyond a high-level statement. Confusion reigned.
I was critical of Apple at the time, arguing that the company had a duty of care to be more open with its users. Is there an issue and how serious is it? How can users check devices for compromises? When will it be fixed and what can be done in the meantime to stay safe? The fact that this particular attack was very targeted isn’t a get-out, not when we’re all encouraged to be cyberchondriacs by the current threat landscape.
WhatsApp’s boss weighed in at the time, having been very open on the issue after his platform was very publicly targeted in 2019, resulting in Facebook suing NSO. “I hope that Apple will start taking that approach too—be loud, join in,” he said. “It’s not enough to say, most of our users don’t need to worry about this. It’s not enough to say ‘oh this is only thousands or tens of thousands of victims’… If anyone’s phone is not secured that means everyone’s phone is not secure.”
Well, Apple has now been very loud and is very much joining in. The company’s lawsuit against NSO, “to curb the abuse of state-sponsored spyware,” has been headline news. Not only does this see Apple join Facebook in seeking to use legal redress to dismantle…