August 3, 2021

Sold as very safe, iPhones have been hacked by Pegasus for years

By Florian Reynaud

Posted today at 15:11

IPhone has enjoyed a reputation for high security for over a decade. And yet, no later than June 2021, the phone of Carine Kanimba, one of the daughters of Rwandan opponent Paul Rusesabagina, on which the latest updates were installed, was infected with Pegasus spyware without her even realizing it. It is not an isolated case. According to Amnesty International’s technical findings, the iPhone of a human rights lawyer was also targeted in June 2021, still in great secrecy.

If the spyware of the Israeli company NSO Group could have been so heavily used to violate human rights, as the investigations of the seventeen newsrooms participating in “Project Pegasus” show, it is because it cookie has for years been able to defeat the security of Apple phones. Hooking all the closed doors installed by the American manufacturer on its iPhones, Pegasus has found multiple ways to settle, against the will of its victims, to extract a host of personal and confidential information.

As soon as Pegasus was discovered by the Canadian Citizen Lab in 2016, Apple was forced to fix software vulnerabilities. At the time, researchers had discovered flaws in the functioning of WebKit, its navigation tool used by Safari and most applications on iOS, flaws that had been quickly corrected by the manufacturer.

Five steps ahead of Apple

But NSO didn’t stop there and seems to have always stayed five moves ahead of Apple. In a new detailed technical report, Amnesty International mentions new security vulnerabilities used by Pegasus, some of which allow an iPhone to be hacked remotely without the victim having to click on a malicious link, and without being able to defend himself. “Apple unequivocally condemns cyber attacks targeting journalists, human rights activists, and all those who work for a better world”reacted Ivan Krstic, one of the security managers at Apple.

A woman uses her iPhone outside the headquarters of the Israeli company NSO Group in Herzliya on August 28, 2016.

An observation that inevitably leads to wondering about the safeguards installed by Apple, which has made the security of its devices a selling point with its customers: how to explain, then, that NSO could have violated this security in a way also systematic?

You have 76.18% of this article to read. The rest is for subscribers only.