In one corner, Apple, which has more than a billion active iPhones being used across the world. In the other, companies such as Israel’s NSO Group, developing spyware designed to defeat the most sophisticated security and privacy measures.
And while Apple says it is keeping pace with surveillance tools that are used to attack its phones – it boasts of creating “the most secure consumer platform in the world” – research undertaken as part of the Pegasus project paints a more worrying picture.
The malware, it appears, has been one step ahead.
That, at least, is the conclusion of new technical research by Amnesty International, which suggests that even the most up-to-date iPhones running the latest operating system have still been penetrated by NSO Group’s Pegasus spyware.
This has led to some people’s mobiles being turned into portable surveillance devices, giving complete access to numbers, text messages, photos. Everything.
The disclosure points to a problem security researchers have been warning about for years: that despite its reputation for building what is seen by millions of customers as a secure product, some believe Apple’s closed culture and fear of negative press have harmed its ability to provide security for those targeted by governments and criminals.
With the technical support of Amnesty International, the project has investigated a leaked list of tens of thousands of mobile phone numbers – linked to both Apple and Android handsets.
While it was only possible to test a fraction of the phones that were listed for potential surveillance, the scale of what appears to have been a pool of possible targets suggests that customers of the world’s most sophisticated spyware company have not been deterred by security advances made by companies such as Apple.
Most experts agree that the iPhone’s greatest vulnerability is also one of its most popular features: iMessage, which Apple announced earlier this year it had sought to bolster. One method the company has used is to create a feature called BlastDoor, which screens suspect messages before they delve too deeply into a phone.
In a statement, the iPhone maker said:
“Apple unequivocally condemns cyber-attacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market.”
Apple also said that security was a dynamic field and that its BlastDoor was not the end of its efforts to secure iMessage.