Apple has come under pressure to collaborate with its Silicon Valley rivals to fend off the common threat of surveillance technology after a report alleged that NSO Group’s Pegasus spyware was used to target journalists and human rights activists.
Amnesty International, which analyzed dozens of smartphones targeted by clients of NSO, said Apple’s marketing claims about its devices’ superior security and privacy had been “ripped apart” by the discovery of vulnerabilities in even the most recent versions of its iPhones and iOS software.
“Thousands of iPhones have potentially been compromised,” said Danna Ingleton, deputy director of Amnesty’s tech unit. “This is a global concern—anyone and everyone is at risk, and even technology giants like Apple are ill-equipped to deal with the massive scale of surveillance at hand.”
Security researchers said Apple could do more to tackle the problem by working with other tech companies to share details about vulnerabilities and vet their software updates.
“Apple unfortunately does a poor job at that collaboration,” said Aaron Cockerill, chief strategy officer at Lookout, a mobile security provider. He described iOS as a “black box” compared with Google’s Android, where he said it was “much easier to identify malicious behavior."
Amnesty worked with the journalism nonprofit group Forbidden Stories and 17 media partners on the “Pegasus Project” to identify alleged targets of surveillance.
NSO, which has said its technology was designed to target only criminal or terrorist suspects, described the Pegasus Project’s claims as “false allegations” and “full of wrong assumptions and uncorroborated theories."
Amnesty’s research found that several attempts to steal data and eavesdrop on iPhones had been made through Apple’s iMessage using so-called zero-click attacks, which do not require the user to open a link.