Recent reports by Amnesty International and media organizations on the zero-click spyware ‘Pegasus’, made by the Israeli company NSO, have shaken the world. The findings reveal that the lack of security on Apple’s iPhones and Google’s Android devices enabled authoritarian governments to hack the smartphones of journalists, political rivals, activists, and other dissidents using Pegasus, and to subject the victims to state violence such as arrests, harassment, and, in the case of Saudi journalist Jamal Khashoggi, even murder.
Now, cybersecurity researchers are calling on Apple and Google to do more “to protect their users against these sophisticated surveillance tools.” Although Apple has more control over its products and ecosystem than Google has over Android devices, researchers have found that both operating systems are equally vulnerable to attacks, because their own software makes it hard to track the hackers. Therefore, experts are holding Apple more accountable for not doing enough for users’ protection.
Researchers center criticism on Apple because confirmed Pegasus infections involved iPhones
Apple defended its iPhone security when news of Pegasus-enabled attacks via an iMessage vulnerability baffled the world. The company said: “For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market. Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals.”
Therefore, cybersecurity experts are holding Apple to a higher standard because it was easier to find evidence of exploitation on iOS devices than on those running stock Android. A Wired report states:
“In Amnesty International’s experience there are significantly more forensic traces accessible to investigators on Apple iOS devices than on stock Android devices, therefore our methodology is focused on the former,” the group wrote in a lengthy technical analysis of its findings on Pegasus. “As a result, most recent cases of confirmed Pegasus infections have involved iPhones.”
In addition, the company’s own claims of high iOS security have also led to strong criticism.
“Apple is trying, but the problem is they aren’t trying as hard as their reputation would imply,” says Johns Hopkins University cryptographer Matthew Green.
That said, experts are irked that Google and Apple prevent security researchers from getting into their operating systems, access that could help them understand how attacks are created and executed. The tech giants argue that giving such access would inherently aid bad actors as well.
But iOS security researcher Will Strafach says that the tech giants need to work toward a balanced solution by offering more system indicators without making attackers’ jobs easier.
“There is a lot that Apple could be doing in a very safe way to allow observation and imaging of iOS devices in order to catch this type of bad behavior, yet that does not seem to be treated as a priority. I am sure they have fair policy reasons for this, but it’s something I don’t agree with and would love to see changes in this thinking.”
Activists are asking for a complete ban on the trade of Pegasus-like spyware. Until then, tech giants have to work harder to ensure users’ safety, security, and privacy.
This is not a maximalist position, it is simply realism. You aren't even breathing the same air as a strong position until you reach criminal liability for involvement in the trade.
— Edward Snowden (@Snowden) July 20, 2021