Better privacy than Android phones. This is Apple’s one of the key selling points. But the latest Pegasus snoopgate reports busts these claims altogether. Amnesty International in its report said that “zero-click” attacks are active on iPhones. “Most recently, a successful “zero-click” attack has been observed exploiting multiple zero-days to attack a fully patched iPhone 12 running iOS 14.6 in July 2021,” it said.
The term “zero-click” means that the device has no interaction with the user and the attacks happen on its own and is not initiated by the user. These attacks are done through the NSO Group’s Pegasus spyware which can send photos, messages stored in an iPhone to the operator without any knowledge of the user. In fact, it can also secretly record audio using the microphone.
NSO Group boasts about its Pegasus spyware as a one-stop solution to track criminals and terrorists but the problem is the handlers of Pegasus are now targeting journalists, lawyers, human rights activists or anyone who speaks against power.
While Apple touts iMessage as a secure messaging platform, the report by Amnesty International may make you think twice. “The iPhone 11 of a French human rights activist (CODE FRHRD1) also showed an iMessage look-up for an account on June 11, 2021 and malicious processes afterwards. The phone was running iOS 14.4.2 and was upgraded to 14.6 the following day,” it said.
The report claimed that a bug found in 2019 permitted attackers to control a victim’s iPhone through iCloud Photo. Once Pegasus is installed, it doesn’t allow the iPhone to submit crash reports to keep Apple in the dark about it’s presence. Later, in 2020, the report claims that the Apple Music app was used to gain access to a victim’s phone. It also claimed that Pesgaus is now operating as a zero-click attack spreading through iMessage. Even the latest iOS 14.6 is vulnerable to these kinds of attacks.
It’s a cat and mouse game between Apple and NSO Group. The moment Apple patches a vulnerability, NSO Group finds another weakness to continue with its snooping with Pegasus.
“Amnesty International has observed evidence of compromise of the iPhone XR of an Indian journalist (CODE INJRN1) running iOS 14.6 (latest available at the time of writing) as recently as 16th June 2021. Lastly, Amnesty International has confirmed an active infection of the iPhone X of an activist (CODE RWHRD1) on June 24th 2021, also running iOS 14.6,” it added.