Amnesty International researchers published a toolkit to help anyone scan their iPhone and Android devices for evidence of compromise by NSO's Pegasus spyware.
Over the weekend, an international consortium of news outlets reported that several authoritarian governments — including Mexico …
TechCrunch · Zack Whittaker
Related Coverage
- Mobile Verification Toolkit GitHub
- Pegasus Project: Apple iPhones compromised by NSO spyware Amnesty International · Danna Ingleton
- View article Macworld
- Pegasus: Amnesty releases new tool to check whether invasive spyware is secretly installed on a phone The Independent · Adam Smith
- View article The Economic Times
- U.S. and E.U. security officials wary of NSO links to Israeli intelligence Washington Post
- You can check your iPhone for Pegasus spyware (unlikely as it is) 9to5Mac · Ben Lovejoy
- View article KnowTechie
- View article CNET
- View article fossbytes.com
- View article iPhone Hacks
- Pegasus: Why unchecked snooping threatens India's democracy BBC · Soutik Biswas
- View article phonearena.com
- You can check you haven't been targeted by Pegasus spyware but it's a pain iMore · Oliver Haslam
- Leaked NSO Group Data Hints at Widespread Pegasus Spyware Infections Threatpost · Tom Spring
- Oh great, now I've gotta check my phone for Pegasus spyware? TNW · Abhimanyu Ghoshal
- India IT minister denies illegal use of NSO Pegasus spyware The Register · Simon Sharwood
- Spyware scandal revives push against government access to encrypted messages Politico
- Everything you need to know about the Pegasus spyware infecting smartphones Cult of Mac · Killian Bell
- Hold NSO accountable, says WhatsApp chief The Economic Times · Anumeha Chaturvedi
- The Pegasus project part 1: an invitation to Paris The Guardian
- Edward Snowden Calls For Spyware Trade Ban Amid Pegasus Revelations Slashdot · BeauHD
- Snowden calls for international ban on spyware following NSO Group revelation Input · Tom Maxwell
- Pegasus project turns spotlight on spyware firm NSO's ties to Israeli state The Guardian
- Amazon Shuts Down NSO Group Infrastructure VICE · Joseph Cox
- French prosecutor opens probe after Pegasus spyware complaint Reuters
- “Clickless” exploits from Israeli firm hacked activists' fully updated iPhones Ars Technica · Dan Goodin
- Here's what you need to know about NSO Group's Pegasus spyware CNET · Stephen Shankland
- What Apple said about Pegasus breaching the iPhone's core security Philip Elmer‑DeWitt · Philip Elmer-DeWitt
- Washington Post: Investigation finds Israeli-designed spyware was used to hack journalists and activists around the world CNN · Devan Cole
- What's the Pegasus Project? 17 news outlets are working together to cover spyware on a mass scale WRAL TechWire · Brian Stelter
- France investigates alleged spyware use against dissidents Associated Press
- Amazon Cuts Off Service to NSO Spyware Firm Behind iPhone Hacks Gizmodo · Lucas Ropek
- Amazon Web Services shuts down infrastructure linked to Pegasus vendor NSO Group MediaNama · Sarvesh Mathi
- NSO Group able to hack iPhone 12 and recent iOS with Pegasus spyware iTnews · Juha Saarinen
- Pegasus Mobile Spyware used to target journalists, activists, and more Zimperium Mobile Security Blog · Richard Melick
- So What's Up With This NSO Group Pegasus Thing Anyway? The Mac Observer · Andrew Orr
- Indian activists jailed on terrorism charges were on list with surveillance targets Washington Post
- Israeli company's Pegasus spyware allegedly used to hack journalists, politicians, activists worldwide SiliconANGLE · James Farrell
- EXPLAINER: Target List of Israeli Hack-for-Hire Firm Widens SecurityWeek
- Key Modi rival Rahul Gandhi among potential Indian targets of NSO client The Guardian · Michael Safi
- Apple security updates Apple Support
- That iPhone Pegasus spyware threat is much ado about Android Macworld · The Macalope
- Pegasus spying reports ‘completely unacceptable,’ says EU's von der Leyen DW.COM
- ⌥ Security Is the Story We Have, Not the Story We Want to Have Pixel Envy · Nick Heer
Discussion
-
@markscott82
Mark Scott
on x
It's not just authoritarian govts that want access to people's encrypted messages. Officials across US, EU, UK and Australia are also gunning for their own backdoors. 👇 https://twitter.com/...
-
@john_hudson
John Hudson
on x
NEW: The phone number of Biden's Iran deal negotiator Rob Malley was among the list of 50,000 phone numbers obtained by the Pegasus project, which includes journalists and human rights activists infected with spyware by the Israeli firm NSO 1/ https://www.washingtonpost.com/ ...
-
@jsrailton
John Scott-Railton
on x
21. BREAKING: Americans 🇺🇸 including US. Gov. officials are on the #PegasusProject list... ...even the #Biden administration's lead Iran negotiator Robert Malley! #NSOGroup is an urgent national security problem for the United States. https://www.washingtonpost.com/ ... https://t…
-
@evan_greer
Evan Greer
on x
this is great https://twitter.com/...
-
@zackwhittaker
Zack Whittaker
on x
It's a really great project built by the same Amnesty researchers who confirmed Pegasus infections on victims' phones. MVT lets anyone take a backup of their phone and scan for indicators of compromise associated with Pegasus. https://techcrunch.com/... https://t.co/dhoImNvw4P
-
@matthew_d_green
Matthew Green
on x
Hope @IsMyPhoneHacked adds NSO detection soon.
-
@zackwhittaker
Zack Whittaker
on x
MVT runs in the terminal. You have to feed in the Pegasus IOCs (which Amnesty provides), and the whole scan lasted about a minute. An iPhone I checked flagged a false positive (since fixed in the IOCs). A rescan with updated IOCs gave back the all-clear. https://techcrunch.com/..…
-
@zackwhittaker
Zack Whittaker
on x
New: Amnesty researchers published a toolkit for the #PegasusProject to help anyone scan their iPhone and Android devices for evidence of compromise by NSO's Pegasus spyware. Mobile Verification Toolkit (MVT) is easy to use (even I figured it out). https://techcrunch.com/...
-
@zackwhittaker
Zack Whittaker
on x
NSO issued a statement today, saying two things: 1) Pegasus wasn't involved in Jamal Khashoggi's murder, and 2) it doesn't have visibility into what customers do or who they target with Pegasus. These two statements seem to be in conflict. Statement here: https://www.nsogroup.com/…
-
@ahmetasabanci
@ahmetasabanci
on x
Fully agree with @Snowden on this one. No “better vetting” or “deeper investigation”, just a total ban on all kinds of spyware and companies making it. And put all those people working at NSO on trial for the crimes committed with their tools. https://www.theguardian.com/ ...
-
@elhamfakhro
@elhamfakhro
on x
Female activists are often targeted with kompromat (compromising material). In Azerbaijan, intimate photos of a civil society activist were leaked onto a fake Facebook page. In Saudi, activist Loujain al-Hathloul was selected for possible targeting weeks before her 2018 abduction…
-
@dawnmenaorg
Dawn Mena
on x
The selection of activists, dissidents and journalists by NSO clients paints a very different picture, though one that campaigners will say was grimly predictable given the tool has been sold to some of the world's most repressive regimes. https://theguardian.com/ ...
-
@marcowenjones
Marc Owen Jones
on x
Yup, this is why privacy is paramount and the ridiculous saying “if you're not doing anything wrong you don't have anything to worry about” is absurd https://twitter.com/...
-
@wcathcart
Will Cathcart
on x
The spyware industry is out of control and it must be stopped. https://twitter.com/...
-
@maasalan
@maasalan
on x
Systems and regulations have been broken for a very long time, yet nothing has been done. Iranians struggle to access basic app stores and Internet services because of sanctions, meanwhile Israel is selling military-grade surveillance equipment to authoritarian governments. https…
-
@marietjeschaake
Marietje Schaake
on x
Pegasus Project sheds new light on the victims of NSO's spyware. But let's not pretend these important revelations also reveal this sector for the first time. The depth of harms has been well known for more than a decade now. Traders act with impunity ↘️ https://www.theguardian.c…
-
@washingtonpost
@washingtonpost
on x
Military-grade Israeli spyware was used in attempted and successful hacks of 37 smartphones belonging to journalists, human rights activists, business executives and the fiancee of murdered Saudi journalist Jamal Khashoggi, a global investigation finds. https://www.washingtonpost…
-
@rohanv
Rohan Venkat
on x
Government of India: “Reports [of Pegasus hacking] had no factual basis and were categorically denied by all parties, including WhatsApp.” Meanwhile, actual head of WhatsApp: https://twitter.com/...
-
@josephfcox
Joseph Cox
on x
Newly released NSO linked domains https://github.com/... https://twitter.com/...
-
@wcathcart
Will Cathcart
on x
This groundbreaking reporting from @Guardian, @WashingtonPost, and many others demonstrates what we and others have been saying for years: NSO's dangerous spyware is used to commit horrible human rights abuses all around the world and it must be stopped. https://www.theguardian.c…
-
@fbdnstories
Forbidden Stories
on x
India, Hungary, Morocco, Azerbaijan: as part of the #PegasusProject, @FbdnStories and 16 media organizations have identified more than 180 journalists around the world, all selected as potential targets of spyware. Our investigation: https://forbiddenstories.org/ ...
-
@snowden
Edward Snowden
on x
There are certain industries, certain sectors, from which there is no protection. We don't allow a commercial market in nuclear weapons. If you want to protect yourself you have to change the game, and the way we do that is by ending this trade. https://www.theguardian.com/ ...
-
@anujsrivas
Anuj Srivas
on x
Citizen Lab, the org that partially laid the groundwork for WhatsApp's lawsuit against NSO, did a peer review of Amnesty's methodology and found it to be sound. They had done 4 blind tests too and came to the same conclusions.👇 https://citizenlab.ca/...
-
@drewharwell
Drew Harwell
on x
@SushantSin @Snowden Omar Radi, a Moroccan journalist who exposed government corruption and was hacked by an NSO client believed to be the Moroccan government ( https://www.theguardian.com/ ...), was sentenced today to 6 years in prison: https://cpj.org/...
-
@josephfcox
Joseph Cox
on x
Amazon shuts down some NSO Group infrastructure. Comes after researchers found clear links between Amazon's CloudFront product and real world hacks using NSO, including on a French human rights lawyer https://www.vice.com/...
-
@snowden
Edward Snowden
on x
This is an industry that should not exist: they don't make vaccines—the only thing they sell is the virus. https://www.theguardian.com/ ...
-
@amnesty
@amnesty
on x
BREAKING: Thousands of iPhones have potentially been compromised. Our forensic analysis has uncovered irrefutable evidence that through iMessage zero-click attacks, NSO's spyware has successfully infected iPhone 11 and iPhone 12 models. #PegasusProject https://www.amnesty.org/...
-
@thedeshbhakt
@thedeshbhakt
on x
Forget autocratic governments that didn't have much of a reputation to begin with. The #PegasusProject also has ripped apart @Apple's balderdash over iPhone security- perhaps the ONLY area that was allegedly superior to Android phones. Will Cupertino folks explain the tall lies? …
-
@washingtonpost
@washingtonpost
on x
NSO Group has said repeatedly that its surveillance tools do not work against smartphones based in the United States, but Americans traveling overseas and using foreign cellphones may not enjoy that protection. https://www.washingtonpost.com/ ...
-
@snowden
Edward Snowden
on x
Stop what you're doing and read this. This leak is going to be the story of the year: (LINK: https://t.co/...) https://twitter.com/...
-
@nramind
N. Ram
on x
Shocking, yes, by normal standards — but should we really be shocked by these revelations about India's authoritarian regime? Who else but the Union government or its agencies could have done this? https://www.theguardian.com/ ...
-
@scottadamssays
Scott Adams
on x
I operate under the assumption that all of my communications are compromised. https://twitter.com/...
-
@safimichael
Michael Safi
on x
NEW from the Pegasus Project: An NSO client we believe was Narendra Modi's government hacked an opposition campaign manager during this year's West Bengal elections and identified Rahul Gandhi, his friends and staff as possible surveillance targets https://www.theguardian.com/ ..…
-
@free_thinker
Pratik Sinha
on x
Citizen Lab (@citizenlab) peer-reviewed the above report by Amnesty and the methodology used by Amnesty, and have stated that the findings are sound. https://citizenlab.ca/... 4/4
-
@abirghattas
Abir Ghattas
on x
Amazing work by @AmnestyTech and its media partners! The team and the journos had access to over 50k phone numbers of people of interest by clients of spyware company #NSO. It includes world leaders, activists and journalists. https://www.amnesty.org/...
-
@snowden
Edward Snowden
on x
If we don't do anything to stop the sale of this technology, it's not just going to be 50,000 targets. It's going to be 50 million targets, and it's going to happen much more quickly than any of us expect. https://www.theguardian.com/ ...
-
@matthew_d_green
Matthew Green
on x
It's really amusing to me that people with any kind of reputation would join NSO and not expect to get horribly burned.
-
@matthew_d_green
Matthew Green
on x
Remember when NSO announced that big “governance and compliance” committee, which was supposed to keep it from pointing their spy tools at journalists and opposition political leaders? What happened to that.
-
@matthew_d_green
Matthew Green
on x
I wonder if Tom Ridge and Gerard Araud are feeling upset about all this. I know Juliette Kayyem already left.
-
@snowden
Edward Snowden
on x
They spied on the opposition. They spied on judges, journalists, and even teachers. They spied on their wives and children, their doctors — and priests. It is unbelievable how deep this story goes. https://www.theguardian.com/ ...
-
@drparameshwara
Dr. G Parameshwara
on x
Alarming! “A powerful surveillance tool licensed only to governments was used to infiltrate mobile phones belonging to at least seven people in India and was active on some of their devices as recently as this month.” https://www.washingtonpost.com/ ...
-
@rajuparulekar
Raju Parulekar
on x
Thread. Largest Undemocracy https://twitter.com/...
-
@safimichael
Michael Safi
on x
Much more to come from India and around the world today and over the next days https://twitter.com/...
-
@seemay
Seema Chishti
on x
What else was Watergate that forced Nixon to resign? https://twitter.com/...
-
@jslaternyc
Joanna Slater
on x
It also said that “any interception... is done as per due process of law.” It did not respond to our question asking whether any arm of the government has ever been an NSO client. https://www.washingtonpost.com/ ...
-
@anjalib_
Anjali Bhardwaj
on x
So basically before the 2019 elections, the BJP govt potentially surveilled phones belonging to the main opposition leaders and their aides, journalists, civil society activists AND an election commissioner!!! If this isn't subversion of electoral democracy, what is? https://twit…
-
@faizanlakhani
Faizan Lakhani
on x
“The records included at least one number once used by Pakistani Prime Minister Imran Khan, as well as hundreds of others in the country. Khan did not respond to a request for comment.” https://www.washingtonpost.com/ ...
-
@vikramchandra
Vikram Chandra
on x
This thread from @jslaternyc has many of the names on “the list” including Rahul Gandhi, Prashant Kishor, Ashok Lavasa, PS Patel and new IT minister Ashwini Vaishnaw... https://twitter.com/...
-
@seemay
Seema Chishti
on x
*11* numbers used by the former court assistant and her family were put under #Pegasus surveillance. https://twitter.com/...
-
@palshikarsuhas
Suhas Palshikar
on x
Those who refused to be shocked in all these seven years are unlikely to be shocked Now! They have good shock absorbers. https://twitter.com/...
-
@parasnsingh95
Paras Nath Singh
on x
Virologist Gagandeep Kang struggled to imagine why she would be deemed a target of surveillance. “I lead a very, very boring life,” she said. https://twitter.com/...
-
@suchitrav
Suchitra Vijayan
on x
Well this is what most people predicted or thought was going on— this is also just the tip of the iceberg. What we do not know is this — the extent to which @narendramodi has enabled absolute use of un fretted power and dissolved all semblance of accountability. https://twitter.c…
-
@saurabhtodi
Saurabh Todi
on x
This is definitely intriguing. Also, it may be imprudent to assume that all Indians were exclusively targeted by Indian agencies. Many other govts or spy agencies might benefit from obtaining kompromat on many among those named in these lists. This merits deeper investigation. ht…
-
@shekhargupta
Shekhar Gupta
on x
The biggest surprise is the name of Gagandeep Kang. She's among India's foremost virology/vaccinology experts, a member of the Royal Society. Who'd want to eavesdrop on her, and why... https://twitter.com/...
-
@jslaternyc
Joanna Slater
on x
How extensively was Pegasus spyware used in the world's largest democracy? We found forensic evidence that it was active on Indian phones as recently as *last week*. Read more here and below... 1/ https://www.washingtonpost.com/ ...
-
@dhrubachoudhur5
Dhruba Budhadeb Choudhury
on x
The spyware is sold to governments to fight terrorism. In India, it was used to hack journalists & others... The confirmed infections of seven phones represent a tiny fraction of what may be a vast surveillance net in Modi's India... #BharatiyaJasoosParty https://www.washingtonpo…
-
@narangvipin
Vipin Narang
on x
One part of the Government of India was using Pegasus against not only Indian citizens, but against other parts of the GoI and against democratically elected members of Parliament—both opposition and within the BJP! The question is which part of the GoI and on whose authority. ht…
-
@nihamasih
Niha Masih
on x
BREAKING: More names in the list out now. @RahulGandhi, his aides and friends; Ashok Lavasa, key election official considered an obstacle to the ruling party; @PrashantKishor and members of the family of the woman who accused CJI Gogoi of sexual harassment https://www.washingtonp…
-
@atti_cus
Dushyant
on x
So he molested a woman, went after her family once she protested, got her brother fired, and now we know- got the government to buy Israeli software and snoop on her family. https://twitter.com/...
-
@snowden
Edward Snowden
on x
“Those who did [the hacking] were looking to take undue advantage of their position of power... It is an attack on the democratic foundations of our country. It must be thoroughly investigated and those responsible be identified and punished.” https://t.co/85DTF6cRwB
-
@bdutt
Barkha Dutt
on x
So the opposition politicians names are out in @guardian #PegasusProject https://twitter.com/...
-
@safimichael
Michael Safi
on x
One of the most shocking things we found in India: A woman accuses the country's most senior judge of sexual harassment. Two days after she goes public, her phone number and those of several family members are identified as candidates for surveillance https://www.theguardian.com/…
-
@kenroth
Kenneth Roth
on x
Rather than stop selling its highly intrusive spyware to governments with a history of persecuting journalists and activists, the Israeli NSO Group hired “Washington power brokers” to try to cleanse its tainted image. https://www.washingtonpost.com/ ... https://twitter.com/...
-
@davidakaye
David Kaye
on x
as one would expect, NSO Group developed a circle of enablers in washington (but, of course, not only there). @drewharwell is on the story. among other things... https://www.washingtonpost.com/ ...
-
@washingtonpost
@washingtonpost
on x
The surveillance giant has failed to build a big business in the U.S. But an influential network of consultants, lawyers and lobbyists still made money representing the company. https://www.washingtonpost.com/ ...
-
@washingtonpost
@washingtonpost
on x
The Pegasus Project | A global investigation: How Washington power brokers gained from NSO's spyware ambitions https://www.washingtonpost.com/ ...
-
@jimstewartson
@jimstewartson
on x
👮🏻Arrest Mike Flynn.👮🏽‍♀️ https://twitter.com/... https://twitter.com/...
-
@snowden
Edward Snowden
on x
Read about the Biden, Trump, and Obama officials who accepted blood money from the NSO group to bury any efforts at accountability — even *after* their involvement in the death and detention of journalists and rights defenders around the world! https://www.washingtonpost.com/ ...
-
@zackwhittaker
Zack Whittaker
on x
Amazon has known NSO used its infrastructure for at least a year. (It also hasn't been a secret among researchers.) Remember when tons of location data for its contact tracing tech “Fleming” was exposed? Yep, that was all AWS, too. Curious to see if Amazon will act more broadly. …
-
@lorenzofb
Lorenzo Franceschi-Bicchierai
on x
Why would you pay your PR people to write 2,800 words in an email and then forbid journalists from quoting any of it? Dear Apple, this is a ridiculous PR strategy. https://www.washingtonpost.com/ ... https://twitter.com/...
-
@kimzetter
Kim Zetter
on x
“The text delivered last month to the iPhone 11... made no sound. It produced no image. It...delivered malware directly onto her phone—and past Apple's security systems... The hacked phones included an iPhone 12 with the latest of Apple's software updates.” https://www.washington…
-
@violetblue
Violet Blue®
on x
Guy Rosen, who founded FB's Onavo VPN app that was legit spyware, got pulled when caught. Connects to NSO's Pegasus b/c according to NSO court docs, FB wanted Pegasus b/c Onavo's spying on iPhones was too limited: https://www.vice.com/... https://twitter.com/...
-
@dinodaizovi
Dino A. Dai Zovi
on x
I do think iOS' security capabilities from Apple's vertical integration of hardware + software is a super-power and leads to best-in-class security engineering and features. The challenge is that due to their monoculture, they have to be ridiculously better at it than Android.
-
@reedalbergotti
Reed Albergotti
on x
At the same time, Apple has done some really advanced things with security, like using purpose-built processors to protect devices. But those projects happen internally and are based more on hypotheticals, not specific threats like NSO Group.
-
@carissaveliz
Carissa Véliz
on x
Even #BigTech is calling for #NSO to be stopped. In this case, @WhatsApp's CEO. #WhatsApp was right to sue #NSOGroup But let's not forget that everyone who has normalized #surveillance is complicit in the attempted murder of #democracy. 8 https://twitter.com/...
-
@mfinkel
Matt Finkel
on x
Me: How does Android compare? Article: “three of the 15 Android phones examined showed evidence of a hacking attempt” Me: But...? Article: “but that was probably because Android's logs are not comprehensive enough” https://twitter.com/...
-
@reedalbergotti
Reed Albergotti
on x
But shareholders don't get paid in courage. Meanwhile, this hacking has a tremendous cost, hurting democracy around the world. So what's the answer? I certainly don't have them, but it's an issue I hope we talk about a lot more in the near future.
-
@ortegaalfredo
Alfredo Ortega
on x
iOS may have better security, but I don't think you can use a single exploit chain in >50000 Android targets. Too much variation. Apple's lack of software diversity is its downfall. https://twitter.com/...
-
@asymco
Horace Dediu
on x
@spwells @tangojoshua Don't worry, the EU has got your back. Apple will be forced to allow side-loading of apps which are not subject to privacy or security scrutiny.
-
@ashk4n
Ashkan Soltani
on x
Folks looking into @Apple / @NSOgroup: Follow The Money This ecosystem is incredibly well-resourced and fueled by govs / oligarchs who can afford to pay large sums to surveil their targets. A single limited shelf-life vuln can be worth upwards of $1M https://developer.apple.com/ …
-
@reedalbergotti
Reed Albergotti
on x
One former employee told me the security team would send canned responses (to ensure they would not be vetoed by the marketing team) to researchers who submitted bugs. That kind of communication does not lead to good relationships with security researchers.
-
@mfinkel
Matt Finkel
on x
Me: Okay. We don't know if there are fewer compromised Android devices because: 1) Google is just better than Apple at this, 2) market share, or 3) Google's not systemically better, but NSO doesn't have a zero-click vuln right now. Article: Think whatever you want.
-
@reedalbergotti
Reed Albergotti
on x
As @craiu told me, that means we don't know the extent of the problem. He said if Apple allowed more analysis of iPhones for malware, it would generate bad press, but make iPhones more secure. That takes courage, he said.
-
@parismartineau
Paris Martineau
on x
i don't think the average reader understands how much tech companies love restricting the amount of useful information journos can publish about their operations https://twitter.com/...
-
@mfinkel
Matt Finkel
on x
Me: So, Android? Article: “Google has a threat analysis team that tracks NSO Group and other threat actors” Me, great, soooo Android? Article: “A head-to-head comparison of the security of Apple's and Google's operating systems and the devices that run them is not possible”
-
@cesare_c
Cesare Coscia
on x
@ryanaraine I think their model of bundling security fixes with OS releases is destined to change. They need to move to micro services similar to Google to stay ahead of bad actors. It's an archaic model.
-
@jason_kint
Jason Kint
on x
WAIIIIIIITTTTTTTT Facebook's “VP of Integrity” who willingly put his name and reputation on the press release pushing back on White House co-founded Onavo (FB's surveillance tool)????? I entirely forgot about this. He's the VP of Integrity???? You can't make this garbage up. http…
-
@wcathcart
Will Cathcart
on x
Indeed. https://twitter.com/...
-
@dinodaizovi
Dino A. Dai Zovi
on x
There is a nuanced trade-off between security in a monoculture of targets versus in a diverse ecosystem. Artificial diversity such as ASLR isn't quite it. I spoke about this a bit just as my voice was completely giving out at Black Hat Asia in 2016: https://www.youtube.com/... ht…
-
@reedalbergotti
Reed Albergotti
on x
Apple has so many bugs that it can't fix them all, and can take years to implement fixes. It created a bug bounty program in 2016, which it says pays the most in the industry. But inside and outside the company, the view is that it has room for improvement. A lot of room.
-
@uzmabarlaskar
Uzma
on x
@matthew_d_green I wish they didn't have a dismissive tone because it impacts only a small group of ppl. Protection against mass surveillance may not be enough if all it takes to silence free speech are tapping journalists and the opposition. The trickle down impact of this can b…
-
@rohini_sgh
Rohini Singh
on x
Hello @Apple. When are you taking NSO to court? Why should people pay a premium on your products if they are so easy to hack into? https://twitter.com/...
-
@washingtonpost
@washingtonpost
on x
Pegasus, NSO's signature surveillance tool, can collect emails, call records, social media posts, user passwords, contact lists, pictures, videos, sound recordings and browsing histories, according to security researchers and NSO marketing materials. https://www.washingtonpost.co…
-
@matthew_d_green
Matthew Green
on x
I think it's amusing that we're still having a debate about breaking end-to-end encryption in a world where governments indiscriminately toss NSO at their political opponents.
-
@matthew_d_green
Matthew Green
on x
I sympathize with Ivan here. Imagine building up Apple's security for years and doing a great job, then finding out you also have to deal with the worst people, willing to spend infinite money on bespoke exploits — so they can murder journalists. https://twitter.com/...
-
@josephmenn
Joseph Menn
on x
Apple's iMessage is a hot mess. https://twitter.com/... https://twitter.com/...
-
@jasonhaw_
Jason Haw
on x
Of all the Pegasus news articles in the past 24 hours, this is probably the most disappointing because Apple likes to tout they have the most secure smartphones - the iPhone's security features are basically a dud against Pegasus https://www.washingtonpost.com/ ...
-
@alexhern
Alex Hern
on x
The security of iPhones is, Apple assures us, world class. But it hides an unspoken trade-off: the same restrictions that make it so hard to hack also mean users have to have total faith in iOS security. And when that fails, it fails hard: https://www.theguardian.com/ ...
-
@reginadulanjali
Regina Dulanjali
on x
Apple sent a 2800-word explanation to Washington Post defending iPhone but says Apple can't be quoted directly. Why can't Apple be quoted directly? BTW - heading of the Washington Post article is “Despite the hype, iPhone security no match for NSO spyware” https://twitter.com/...
-
@snowden
Edward Snowden
on x
“Apple restricts the access researchers have to iOS in a way that limits the ability of consumers to discover when they've been hacked.” https://www.washingtonpost.com/ ...
-
@jimwaterson
Jim Waterson
on x
This explanation of the Pegasus spyware and how it no longer even requires a target to click a dodgy link before gaining full access to the user's phone is pretty chilling. https://www.theguardian.com/ ...
-
@geoffreyfowler
Geoffrey A. Fowler
on x
Zero-click attacks “can work on even the newest generations of iPhones, after years of effort in which Apple attempted to close the door against unauthorized surveillance—and built marketing campaigns on assertions that it offers better privacy & security” https://www.washingtonp…
-
@snowden
Edward Snowden
on x
The text delivered last month to the iPhone 11 made no sound. It produced no image. It offered no warning of any kind as an iMessage from somebody she didn't know delivered malware directly onto her phone — and past Apple's security systems. https://www.washingtonpost.com/ ...
-
@khalidbshah
Khalid Shah
on x
Despite the hype, iPhone security no match for NSO spyware International investigation finds 23 Apple devices that were successfully hacked https://www.washingtonpost.com/ ...
-
@kimzetter
Kim Zetter
on x
Activists and journalists around the world who face imprisonment and potentially death are concerned about the security of their devices and the no-click malware that can silently infect their fully-patched phones, and Apple pr is concerned about being quoted https://twitter.com/…
-
@pwnallthethings
@pwnallthethings
on x
Or put it another way, we're past the point where we can seriously believe we'll ever bug-fix our way out of these parsers having exploitable bugs, and so now the question is where the investment is to replace them and why that investment is so low.
-
@pwnallthethings
@pwnallthethings
on x
For journos, a follow up question would be “how many engineers will Apple now assign to rewriting the exploited iOS image parsers in a memory-safe language” https://twitter.com/...
-
@pwnallthethings
@pwnallthethings
on x
A lot of problems in cybersecurity can't be fixed by just throwing engineers and money at it. But those specific parsers? This is an example where you really can spend your way to closing the attack surface.
-
@datadrivenmd
Jorge A. Caballero
on x
🔥 This part of the story isn't getting enough attention: this espionage-for-hire company can turn any iPhone into a surveillance device without the user ever knowing about it— that means taking photos, turning on your microphone, and more https://twitter.com/...
-
@neilmacfarquhar
Neil MacFarquhar
on x
Claims by @Apple that iPhones thwart spyware are a lie as numerous rights activists, journalists and others have found that even their latest models were infected by Israeli-made, "zero-click" spyware called Pegasus. https://www.washingtonpost.com/ ...