Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability
#1
Information 
Quote:News of a zero-click zero-day in Apple’s iMessage feature being incorporated into the notorious Pegasus mobile spyware from NSO Group has drawn a variety of reactions from the security community, including concerns about the security of Apple’s closed ecosystem, and varying views on NSO Group’s culpability for how Pegasus is used.
 
Since its initial discovery by Lookout and Citizen Lab in 2016, Pegasus has continued to evolve, making it easier and easier to infect mobile devices, noted Aaron Cockerill, chief strategy officer at Lookout. In fact, this isn’t even the first zero-click zero-day used by the surveillance solution.
 
“It has advanced to the point of executing on the target’s mobile device without requiring any interaction by the user, which means the operator only has to send the malware to the device,” he told Threatpost. “Considering the number of apps iOS and Android devices have with messaging functionality, this could be done through SMS, email, social media, third-party messaging, gaming or dating apps.”
 
That’s a problem, he said, especially given that as a closed ecosystem, Apple’s code is not publicly available for review and bug hunting (though Apple does have a private bug-bounty program).
 
“This means vulnerabilities may remain undiscovered by attackers for longer, but they may also not be so readily discovered and reported by security researchers and other responsible parties,” Cockerill said. “On top of ensuring the security and integrity of its own software, Apple faces the additional challenge of doing the same for millions of apps developed by third parties and submitted to the App Store.”
 
He added, “Apple aims their statements about security and privacy at consumers. However, the majority of the individuals targeted by the NSO group are not categorized as typical consumers and Apple needs to recognize that securing these individuals may require help from third parties.”

Read more: Researchers: NSO Group's Pegasus Spyware Should Spark Bans, Apple Accountability | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
jasonX's profile jasonX
Administrator

>