Following the news of widespread commercial hacking spyware on targeted iPhones, a large number of security researchers are now saying that Apple could do more to protect its users (via Wired).
Earlier this week, it was reported that journalists, lawyers, and human rights activists around the world had been targeted by governments using phone malware made by the surveillance firm NSO Group known as “Pegasus.”
Now, security researchers are stating that Apple could and should do more to protect its users against advanced surveillance tools like Pegasus. Independent security researcher Cedric Owens told Wired:
It definitely shows challenges in general with mobile device security and investigative capabilities these days. I also think seeing both Android and iOS zero-click infections by NSO shows that motivated and resourced attackers can still be successful despite the amount of control Apple applies to its products and ecosystem.
The security community has frequently criticized Apple for its limits on the ability to conduct forensic investigations into the security of iOS and the use of monitoring tools. A greater level of access to the operating system itself would, they claim, help to catch attacks and vulnerabilities more easily. For example, combating spyware like Pegasus would need access to read a device’s filesystem, the ability to examine which processes are running, access to system logs, and more.
Android also places limits on “observability,” but the locked-down nature of iOS, in particular, has drawn the ire of security researchers because Apple has heavily leaned into its focus on privacy and strong security protections, especially compared to other platforms. SentinelOne threat researcher Juan Andres Guerrero-Saade commented:
The truth is that we are holding Apple to a higher standard precisely because they’re doing so much better. Android is a free-for-all. I don’t think anyone expects the security of Android to improve to a point where all we have to worry about are targeted attacks with zero-day exploits.
Johns Hopkins University cryptographer Matthew Green similarly said: “Apple is trying, but the problem is they aren’t trying as hard as their reputation would…