An explosive spyware report shows the limitations of iOS security

In fact, Amnesty International researchers stated that it is actually easier to find indicators of compromise on, and investigate, Apple devices targeted with Pegasus malware than devices running stock Android.

“According to the experience of Amnesty International, investigators obtained significantly more forensic traces on Apple iOS devices than stock Android devices, so our approach focuses on the former,” the organization wrote in a lengthy technical analysis of its findings on Pegasus. “Therefore, the recently confirmed cases of Pegasus infection all involve the iPhone.”

Some of the concern for Apple also stems from the company’s own emphasis on privacy and security in product design and marketing.

“Apple is trying, but the problem is that they are not working as hard as their reputation implies,” said Johns Hopkins University cryptographer Matthew Green.

However, even with a more open approach, Google faces similar criticisms about how much visibility security researchers have into its mobile operating system.

“Android and iOS have different types of logs. It is difficult to compare them,” said Zuk Avraham, CEO of the ZecOps analysis group and a long-time advocate of access to mobile system information. “Each has an advantage, but they are equally inadequate and enable threat actors to hide.”

However, Apple and Google do not seem willing to reveal more about how the digital forensic sausage is made. Although most independent security researchers would support such a shift, some also admit that increasing access to system telemetry would help bad actors as well.

In a statement to Wired, a Google spokesperson said: “Although we know that persistent logs are more helpful for the forensic uses described by Amnesty International researchers, they are also helpful to attackers. We are constantly balancing these different needs.”

Ivan Krstić, Apple’s head of security engineering and architecture, said in a statement, “Apple clearly condemns cyber attacks against journalists, human rights activists, and others who seek to make the world a better place. For more than a decade, Apple has been innovating in security. As a result, security researchers agree that the iPhone is the safest and most secure consumer mobile device on the market. The described attacks are very complex, cost millions of dollars in development, usually have a short shelf life, and target specific individuals. Although this means that they will not pose a threat to the vast majority of our users, we will continue to work tirelessly to protect all customers and continue to add new protections to their devices and data.”

The trick is to strike the right balance: providing more system indicators without inadvertently making the attacker’s job too easy.

Thomas Reed, head of Mac and mobile platforms at antivirus manufacturer Malwarebytes, said he agrees that more visibility into iOS would benefit users’ defenses. But he added that allowing the use of special, trusted monitoring software would bring real risks. He pointed out that suspicious and potentially harmful programs already exist on macOS, and anti-virus software cannot completely delete them because the operating system gives them this special type of system trust, which may cause errors. The same problem of rogue system analysis tools would almost inevitably appear on iOS.

“We have also been seeing national-level malware on desktop systems, which were only discovered after years of undetected deployment,” Reed added. “Better than a few. I’m just worried about what we must exchange for this kind of popularity.”

The Pegasus Project, as the alliance of researchers calls the new findings, emphasizes the reality that Apple and Google are unlikely to address the threat posed by private spyware vendors alone. The scale and scope of Pegasus’ potential targets indicate that it may be necessary to ban private spyware globally.
