By akademiotoelektronik, 05/12/2022

Project Pegasus: despite the security breach, Apple wants to be reassuring

After such statements, Apple's response was not long in coming. It was not Tim Cook who wanted to put out the fire, but Ivan Krstić, engineer at the head of the Californian company's safety department. While condemning the use of the software, Ivan Krstić still wants to reassure anyone who wants to listen: "Security researchers agree that the iPhone is the safest and most secure smartphone on the market". He will add later that this type of attack can in no way call into question the reliability of Apple smartphones since "they are highly sophisticated, cost millions of dollars to develop, often only have a short lifespan. life and are used for specific targets".

If after these statements you are not reassured, the engineer concludes his speech by indicating that Apple is constantly adding protections, both for its products and for your personal data. Although all this is not hard to believe, it must be borne in mind that Pegasus has managed to infiltrate recent models on all counts.

How to explain the infection?

As the Futura Sciences site indicates, the hackers used the Kismet vulnerability which allows them to infiltrate an iPhone with a simple iMessage. The user does not have to do anything to activate it since once the message has been received, the smartphone is infected. This is called a "zero-click" flaw. This type of software crack has already plagued Apple last year and the fix only appeared with iOS 14.

For example, France Culture reveals that the iPhone of Claude Mangin, wife of an activist imprisoned in Morocco, received an iMessage on June 11 without the latter having manifested itself in any way. No notification, no noise, nothing. The smartphone was infected without its owner suspecting it.

We thought we would be rid of it, but we have to believe that the company NSO Group — creator of the spyware — was able to adapt to the multiple corrections from Apple. According to the investigation report carried out by Amnesty International, the Kismet flaw would still work today on iPhones and iPads running iOS 14.3, iOS 14.4 and iOS 14.6. The latest iOS 14.7 version has just been made available to the public and it is unlikely that Apple has had time to deploy any patch...