On Monday, September 13, Apple had to urgently patch a flaw that the controversial Pegasus software had been able to exploit to infect iPhones despite the vigilance of users, demonstrating that no company, however technologically advanced, is immune.

The spyware, from Israeli company NSO, successfully hacked Apple devices without resorting to booby-trapped links or buttons, the technique commonly used.

The flaw was spotted last week by Citizen Lab researchers, who discovered that a Saudi activist's iPhone had been infected via iMessage, Apple's messaging system.

According to this cybersecurity organization at the University of Toronto, Pegasus has been using this vulnerability "since at least February 2021".

"Used to target specific people"

"This exploit, which we called FORCEDENTRY, targets Apple's image rendering library, and worked against Apple iOS, MacOS and WatchOS devices," the operating systems of the Apple brand's mobile phones, computers and smartwatches.

"After identifying this flaw (...), Apple quickly developed and deployed a patch in iOS 14.8 to protect our users," said Ivan Krstic, director of security systems at Apple, in response to a request from AFP.

The Californian group praised Citizen Lab for its work and pointed out that "ultra sophisticated" attacks of this type "cost millions of dollars, do not last long and are used to target specific people."

They are therefore "not a threat to the overwhelming majority of our users," said Ivan Krstic.

"But we continue to work tirelessly to defend all of our customers."

Discreet infections

The update from Apple, which has made the security of its phones and computers a major selling point, shows how difficult it is becoming for companies, including the Silicon Valley giants, to cope with increasingly effective computer threats.

"In the past, users could be trained to avoid infection by being careful of suspicious text messages and not clicking on links to numbers they didn't know," said Kevin Dunne, president of Pathlock, a cybersecurity company.

"But now attackers are getting, without any clicks, to access all the data of a phone, its microphone and its camera, passing through the flaws of third-party applications or even present by default," he says.

Data theft and ransomware attacks have increased in recent months, targeting various companies and organizations, including a US pipeline operator and a major Indian airline.

But NSO-related spy hacks are unique in that they come from agencies or legal authorities, using software provided by a company, and not from anonymous criminals.

"NSO will continue to equip intelligence and law enforcement agencies around the world with technologies that save lives and help fight crime and terrorism," the Israeli company responded.

"Human rights violation"

Citizen Lab played a key role in July in bringing to light the scandal of mass spying via Pegasus.

According to information from a consortium of 17 media outlets, in France, a number belonging to Emmanuel Macron, as well as former Prime Minister Édouard Philippe and 14 members of the government, appeared "in the list of numbers selected by a security service of the Moroccan State, user of Pegasus spyware, for potential piracy".

In all, according to the associations Amnesty and Forbidden Stories, the case concerns a list of 50,000 telephone numbers worldwide selected since 2016 by customers of NSO.

Pegasus makes it possible "to buy your own NSA", the American intelligence agency, Ron Deibert, the director of Citizen Lab, joked in July.

"Selling these technologies to governments who will use them in violation of international and human rights law ultimately facilitates the discovery of this software by research organizations, as we and others have shown on multiple occasions. This was again the case this time," said the laboratory on Monday.

Last March, the American think tank Atlantic Council had already sounded the alarm on the dangerous role played by NSO and other companies specializing in the sale of intrusion tools in smartphones and other computer systems.

These experts, and politicians such as German Chancellor Angela Merkel, have called for more restrictions on the sale of this type of software, which is operated by states, but not only by them.

With AFP
