In fact, Amnesty International researchers say it was easier for them to find indicators of tampering on, and investigate, Apple devices targeted by Pegasus malware than stock Android devices.
“In Amnesty International’s experience, there are significantly more forensic traces available to investigators on Apple iOS devices than on standard Android devices, so our methodology is focused on the former,” the group wrote in a lengthy technical analysis of their findings on Pegasus. “As a result, the most recent confirmed cases of Pegasus infection have been iPhone-related.”
Some of the focus on Apple is also due to its emphasis on privacy and security in the development and marketing of its products.
“Apple is trying, but the problem is that they are not as diligent as their reputation suggests,” says Matthew Green, a cryptographer at Johns Hopkins.
However, even with a more open approach, Google faces similar criticism about the visibility security researchers can get into its mobile operating system.
“Android and iOS have different types of magazines. It’s really hard to compare them,” says Zuk Avraham, CEO of analytics group ZecOps and a longtime proponent of access to mobile information. “Each has an advantage, but both are equally inadequate and allow intruders to hide.”
However, Apple and Google seem hesitant to disclose more about how the sausage is made in digital forensics. And while most independent security researchers are in favor of the change, some also acknowledge that expanding access to system telemetry will help attackers as well.
“While we understand that permanent journals will be more useful for forensic research, such as those described by Amnesty International researchers, they will also be useful for attackers,” a Google spokesman said in a statement to WIRED. “We are constantly balancing these different needs. …”
Ivan Krstic, head of Apple’s security architecture and development, said in a statement that “Apple unequivocally condemns cyberattacks against journalists, human rights defenders and others seeking to make the world a better place. For over a decade, Apple has led the industry in security innovation, and as a result, security researchers agree that the iPhone is the safest and most secure consumer mobile device on the market. Attacks like these are very sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific people. While this means they do not pose a threat to the vast majority of our users, we continue to work tirelessly to protect all of our customers and we are constantly adding new protections to their devices and data.”
The trick is to strike the right balance: offering more system indicators without making things much easier for attackers. “There is a lot that Apple could do in a very secure way to enable surveillance and rendering of iOS devices to detect this type of bad behavior, but that doesn’t seem to be a priority,” says iOS security researcher Will Strafach. “I’m sure they have a fair political reason for this, but I disagree with that and would like to see a change in that thinking.”
Thomas Reed, director of Mac and mobile platforms at antivirus maker Malwarebytes, agrees that a deeper understanding of iOS will benefit user protection. But he adds that there are real risks involved in using dedicated, trusted monitoring software. He points out that macOS already has suspicious and potentially unwanted programs that antivirus cannot completely remove because the operating system grants them this special type of system trust, potentially in error. The same problem with fraudulent analysis tools will almost inevitably arise on iOS as well.