Security in computer systems is an ongoing cat-and-mouse game. On the one hand, software updates make it possible to close bugs that could lead to attacks; on the other hand, flaws are discovered and exploited to carry out attacks. A new report from Amnesty International deals with the latter, and indicates that the Pegasus malware has been used to infect the iPhones of journalists and political dissidents around the world.

“You can’t just create a back door for the good guys”

Amnesty International analyzed data from July 2014 to July 2021. According to the data, the attack tools created and sold by the Israeli company NSO Group, known as Pegasus, were used to spy on journalists and political dissidents without their having any knowledge of the situation.

Here, the words of Tim Cook come to mind: “You can’t create a backdoor just for the good guys”. Well, how right he was. While NSO Group claims to sell its software only for counterterrorism, Amnesty International’s report reveals that this software was used to spy on activists, lawyers, journalists and others in similar positions.

As we said at the beginning of the article, security is like a cat-and-mouse game. The same report includes several of the variants that NSO Group had to resort to in order to keep Pegasus operational as Apple closed various security holes. In 2019, for example, the attack could be carried out via the Photos app, where attackers could compromise the device through the Photo Stream service. To avoid being discovered, that attack disabled the phone’s crash reporting so that Apple would not receive information about the exploit.

The currently active attack technique appears to be a zero-click exploit in iMessage that works even on iOS 14.6, the latest available version of the iPhone operating system.

Zero-click, zero-day and iOS 14

Let’s take a brief break along the way to clarify a few concepts needed to understand these attacks, along with a quick note on one of the many defenses that protect us from them. When we talk about a zero-day vulnerability, we are really talking about a bug that is not known. Not known to the manufacturer or to security researchers, anyway, since it is clear that bad actors have been exploiting it.

Meanwhile, when we talk about zero-click, as is the case with the iMessage exploit, we mean that no click or interaction by the victim is required for the attack to take effect. This is the most dangerous type of attack, because common sense about which links, messages and so on to open is no longer a line of defense.

This is not to say that there is no line of defense: for certain positions and professions there are several services and configurations recommended to reduce exposure to possible attacks. On the protection side, Apple has strengthened iMessage security with a kind of sandbox called BlastDoor, a system we have already explained in detail in Applesfera and which is capable of blocking the vast majority of attacks, although it was not enough to stop this particular one.

The success of an attack depends on the motivation of the opponent

It’s a phrase we hear a lot in security and privacy circles. What it means is that no system is secure enough to resist a motivated, funded and well-resourced actor. That is why we always recommend keeping our devices updated. Does this version of the operating system lack exciting new features? Regardless, the security fixes alone should be reason enough to update all of our devices promptly.

Having said that, it is also very important to keep in mind that this type of high-level attack is always targeted. This means that only a tiny fraction of the hundreds of millions of iPhones around the world have been attacked. Why? Because these attacks cannot be distributed massively: a specific device must be located, tagged and attacked, which takes time and money.

It is not known whether iOS 14.7, which is expected to arrive this week, will withstand this attack. Nor do we know whether iOS 15, which is currently in beta, will. I hope so, and that Apple gradually closes these security holes so that all iPhones, from those belonging to an NYT reporter to ours, are more secure.

So clearly, you can’t just create a backdoor for the good guys. This case shows that even with the intention of keeping operating systems as secure as possible, there are still bugs. Let’s not even think about what might happen if security were deliberately weakened. Ultimately, technology is more present in our lives than ever before, and it will only become more so; clearly the way forward is to make it more secure.

Pictures | Raphiell Alfaridzy Sara Kurfeß