Apple also found that such attacks don’t affect an overwhelming number of users, saying the company is now working on additional protections.
(Image: Reuters)
HIGHLIGHTS
- According to Amnesty’s Forensic Methods Report, Apple’s iPhone is the easiest to sniff using the Pegasus software.
- Apple described such attacks as “very sophisticated, the development costs millions of dollars, is often only for a short time and is used to attack certain people.”
- The leaked database shows that iPhones with iOS 14.6 contained a zero-click iMessage exploit and that this exploit could have been used to install Pegasus software.
Apple, the technology giant that values user privacy, was the victim of a Pegasus spyware attack that spied on journalists, activists and some government officials. According to Amnesty’s Forensic Methods Report, the easiest way to sniff Apple’s iPhone is using the Pegasus software. The leaked database shows that iPhones with iOS 14.6 contained a zero-click iMessage exploit and that this exploit could have been used to install Pegasus software on target iPhone devices. The Cupertino giant has now released a statement condemning the attack. It has also determined that such attacks do not affect an overwhelming number of users, and has found that the company is now working on additional safeguards.
Ivan Krsti, Apple’s Head of Security Engineering and Architecture, said in a statement, “Attacks like the one described are very sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific people that means they do not pose a threat to the overwhelming majority of our users, but we continue to work tirelessly to protect all of our customers and we are constantly adding new safeguards to their devices and data, but that means they are not a threat to the overwhelming majority . of our users, we continue to work tirelessly to defend all of our customers, and we are constantly adding new safeguards for their devices and data, ”added the Apple spokesman.
A report from Amnesty International, a global organization dedicated to fighting human rights abuses, found that the spyware can work on any smartphone and found that it is still using the iMessage exploit previously believed to have been fixed.
This exploit was previously discovered by Citizen Labs. Zero-click attacks require no user input to trigger, are practically undetectable and run in the background. Apple introduced a blastdoor framework in iOS 14 to make zero clock attacks more difficult, but it doesn’t seem to work the way researcher Bill Marczac intended.
“AmnestyTech saw that an iOS 14.6 device was hacked with a zero-click iMessage exploit in order to install Pegasus. We at @citizenlab also saw 14.6 devices hacked with a zero-click iMessage exploit in order to install Pegasus. All of this indicates that the NSO Group can infiltrate the latest iPhones, ”Marczac wrote on Twitter. “It also indicates that Apple has an IMPORTANT five-alarm flashing red fire problem with iMessage security that their BlastDoor framework (introduced in iOS 14 to make it harder to take advantage of zero clicks) is not resolving “, he added.
Click here for IndiaToday.in’s full coverage of the corona pandemic.
إرسال تعليق