In fact, Amnesty International researchers say it was actually easier for them to find indicators of compromise and investigate Apple devices targeted with Pegasus malware than those running Android.
“In Amnesty International’s experience, there are significantly more forensic clues available to investigators on Apple iOS devices than on basic Android devices, so our methodology focuses on the former,” the group wrote in a long technical analysis of its findings on Pegasus. “As a result, the latest cases of confirmed Pegasus infections include the iPhone.”
Some focus on Apple also stems from the company’s emphasis on privacy and security in product design and marketing.
“Apple is trying, but the problem is that they’re not trying the way their reputation would know,” says Johns Hopkins University cryptographer Matthew Green.
However, even with its more open approach, Google faces similar criticism over the visibility security researchers can get into its mobile operating system.
“Android and iOS have different types of records. It’s really hard to compare them,” says Zuk Avraham, CEO of ZecOps and a longtime advocate for access to mobile information. “Each of them has an advantage, but both are equally not enough and allow the threat actors to hide.”
Apple and Google seem reluctant to reveal more of how the digital forensic sausage is made. And while most independent security researchers are pushing for change, some also acknowledge that increased access to system telemetry would help bad actors as well.
“While we understand that permanent diaries would be more useful for forensic purposes like those described by Amnesty International researchers, they would be helpful to attackers as well,” a Google spokesman said in a statement to WIRED. “We’re constantly balancing these different needs.”
Ivan Krstic, head of Apple’s security engineering and architecture, said in a statement that, “Apple unequivocally condemns cyber attacks on journalists, human rights activists and others who want to make the world a better place. For more than a decade, Apple has led the industry in security innovation, and as a result, security researchers agree that the iPhone is the safest and most secure consumer mobile device on the market. Attacks like the ones described are very sophisticated, develop in the millions of dollars, often have a short lifespan, and are used to target specific individuals. While this means that they do not pose a threat to most of our users, we continue to work tirelessly to defend all of our customers and are constantly adding new protections to their devices and data.”
The trick is to achieve the right balance between offering multiple system indicators without inadvertently making things easier for attackers.
Thomas Reed, director of Macs and mobile platforms at antivirus maker Malwarebytes, says he agrees that greater insight into iOS would benefit user defense. But he adds that allowing special, trusted monitoring software would pose real risks. He points out that there are already suspicious and potentially unwanted programs on macOS that antivirus programs cannot completely remove because the operating system endows them with this special type of system trust, potentially in error. The same problem of invalid system analysis tools would almost inevitably occur on iOS as well.
“Malware nation states are also constantly being seen on desktop systems that are revealed after several years of undetected setup,” Reed adds. “And that’s on systems where there are already a lot of different security solutions. Many eyes looking for this malware are better than a few. I’m just worried about what we should replace for that visibility.”
The Pegasus project, as the consortium of researchers calls the new findings, highlights the reality that Apple and Google are unlikely to address the threat posed by private spyware vendors. The scale and scope of Pegasus’ potential targeting suggest that a global ban on private spyware may be needed.