- Apple’s iPhones are a lot less secure than Apple says, according to a new report.
- “Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security,” one cybersecurity researcher said.
- An iMessage security exploit was used by an Israeli spyware firm to give hackers access to iPhones.
Apple’s iPhone isn’t as secure as Apple says it is, according to a bombshell new report from a group of media outlets and Amnesty International.
“Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security,” Citizen Lab Senior Research Fellow Bill Marczak said on Sunday.
Hackers were reportedly able to remotely access and replicate data from phones tied to 37 people, primarily reporters and executives, using a software tool named Pegasus created by NSO Group.
The software is sold to governments and is considered a military-grade hacking service. With Pegasus, hackers are able to infect phones with so-called “zero-click” texts through iMessage, meaning the target user doesn’t even have to interact with the text to have their phone breached.
Moreover, the report found that even the most up-to-date firmware and iPhone hardware can be breached by Pegasus.
Forensic reports completed by Amnesty International and verified by Citizen Lab found that even iPhones running iOS 14.6, the latest version of Apple’s mobile operating system, were susceptible to being hacked. “All this indicates that NSO Group can break into the latest iPhones,” Marczak said.
One such target with an iPhone was the fiancée of slain Washington Post reporter Jamal Khashoggi, according to the report. A forensic analysis of Hatice Cengiz’s iPhone found evidence of multiple breaches starting in early October 2018 – immediately following Khashoggi’s assassination on October 2, 2018.
“Why do people say the iPhone is the more safe phone, that no one can hack?” Cengiz asks Washington Post reporter Dana Priest in a recent PBS Frontline segment regarding the spyware. “That’s what [Apple] says, the company,” Priest responds. “That’s not true.”