In the wake of revelations that NSO Group's spyware has been used to spy on more than 50,000 heads of state, political activists and journalists, Amnesty International has announced that iPhones can be - and have been - affected by NSO spyware. This is despite Apple's frequent assurances that its phones are the most secure and private on the market.
Pegasus, a spyware tool developed by the Israeli firm NSO Group, is designed to be secretly installed on mobile phones and thereafter used for detailed surveillance. It gives the controller of the software access to the phone's microphone and camera, as well as logging keystrokes, phone calls, messages and so on.
According to Amnesty International, NSO has executed so-called "zero click" attacks via iMessage to infect iPhone 11 and 12 handsets. Infections could number in the thousands.
Amnesty's deputy chief technology officer, Danna Ingleton, said in a statement: "This is a global concern - anyone and everyone is at risk, and even technology giants like Apple are ill-equipped to deal with the massive scale of surveillance at hand."
It's particularly worrying that the newest generation of iPhones are susceptible to the attacks, and even "the latest updates which were believed to have high levels of security" are no defence, the organisation reported.
"We have seen Pegasus deployed through iMessage against Apple's latest version of iOS, so it's pretty clear that NSO can beat BlastDoor," Citizen Lab analyst Bill Marczak told The Guardian. "Of course, developing security features is still important. Each new measure raises the cost to hack devices, which can price out less sophisticated attackers."
BlastDoor is a feature used by iPhones to 'screen' messages and prevent them causing damage.
The report - particularly following the news last week that Russian hackers exploited an iOS bug to target government officials earlier this year - will cause embarrassment for Apple, which has positioned the iPhone as the ultimate privacy tool in a world of trackers, cookies and spyware. But some analysts feel the company may have become complacent.
"Apple's self-assured hubris is just unparalleled," former NSA employee Patrick Wardle commented to The Guardian. "They basically believe that their way is the best way.
"If you talk to security researchers in dealing with, say, Microsoft, they've said: 'We're gonna put our ego aside, and ultimately realise that the security researchers are reporting vulnerabilities that at the end of the day are benefiting our users, because we're able to patch them.' I don't think Apple has that same mindset."
The revelations about NSO's spy programme emerged through the Pegasus Project, a collaboration involving more than 80 journalists from 17 media organisations in ten countries co-ordinated by the non-profit organisation Forbidden Stories.
According to NSO, customers agree to use the technology only in the fight against terrorism or serious crime. But a leak shows intelligence services in states such as Azerbaijan, the United Arab Emirates and Hungary have used the NSO to monitor activists, journalists and politicians.
For peace of mind, read the anti-spyware software reviews on our sister site Tech Advisor. And for this specific form of spyware, read our guide explaining how to check if your iPhone is infected by NSO's Pegasus spyware.
This article originally appeared on Macworld Sweden. Translation and additional reporting by David Price.