Tools produced by the NSO Group may have been used to spy on journalists and activists, and Apple has provided a response to the claims.
A report claims that tools developed to spy on criminals have been used on journalists and activists as well. The "Pegasus" tool provided by the NSO Group is capable of jailbreaking a device like an iPhone and spying on the user.
After publication of the details surrounding the cyberattacks, Apple provided a response.
Apple unequivocally condemns cyberattacks against journalists, human rights activists, and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market.
Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data.
Apple devices have a reputation for being highly secure and difficult to hack or tamper with. However, a new exploit or weakness can be used to target individuals before the vulnerability is patched.
It appears that the cyberattacks were executed using a zero-click iMessage vulnerability, an Apple Music attack vector, and others. The Pegasus tool is provided by the NSO Group as a means of spying on criminals, but of course the tool can be used against good guys as well.
Ten governments are believed to be NSO clients, including Azerbaijan, Kazakhstan, Rwanda, and the UAE. Non-criminal targets seem to only include those who might criticize a government like journalists, so the average consumer doesn't need to fear this spyware.
Apple will likely patch any attack vectors used by Pegasus in upcoming software updates. However, this will always remain a cat-and-mouse game as long as new vulnerabilities are discovered in the wild.
9 Comments
Very responsible reply of Apple. Hope this is patched immediately.
This will be an anti-Apple media circus all while ignoring the open door that’s Android.
It appears that the NSO spyware was used to target the wife of journalist Jamal Khashoggi. She had an Android phone but the same company has hacks for the iPhone's iMessage. Apple should shut down iMessage until it can release a complete patch. If parts of it cannot be patched immediately, those features should be disabled until they can be. Roll out the fixes over time. Get ahead of this Apple.
> "Non-criminal targets seem to only include those who might criticize a government like journalists, so the average consumer doesn't need to fear this spyware."
Stick out your head above the grass and you should be wary of this kind of tech. Maybe not Pegasus per se, but there are many less sophisticated tools in use too.
Besides, what are "Non-criminal targets"? For most governments all people are potential criminals. And criminals are the ones who may disagree with you.
Tech like Pegasus will never go away because there is a big market for it. The NSO Group is making a killing. That alone puts them above any law.