Pegasus infections on iPhones more common than previously believed

Author: news@appleinsider.com (Malcolm Owen)
Published: Feb, 20 2025 16:23

Pegasus may have been more widely used than first believed, after an iPhone app used to detect infestations uncovered multiple undiscovered instances of the spyware. Pegasus, created by NSO Group, is known to be spyware used by governments and security agencies around the world. While the spyware has previously been discovered on devices owned and used by prominent political figures, people of interest to governments, and journalists, it was probably more widely used than anyone expected.

In May 2024, iVerify released a $1 app for people to scan their iPhones for any signs of compromise. On Wednesday, iVerify said that, of the approximately 3,000 people who downloaded and used the app, there were seven verifiable detections of Pegasus.

The security outfit said this works out to be about 2.5 infections per 1,000 phones scanned, or a 0.25% infection rate. These constituted "true positive Pegasus detections" that could be definitively proven, in instances where the user's identity was verified.

The study openly admits that the number may be skewed towards "highly-targeted individuals or people who already thought their device might be compromised." After publishing an initial report on its findings in December, iVerify was given a second opportunity and a wider audience.

Approximately 18,000 more downloads of the app took place following that report, with 11 new cases detected in December alone. The second wave, which included a larger and more generalized audience than the first, brought the global incidence rate down to 1.5 per 1,000 scans. At the same time, the group believes the larger sample size increases its confidence that the 1.5 infection figure is "closer to the true incidence rate."

From this second group, the report infers that mobile compromises can extend beyond high-value targets to "impact a broad cross-section of society." The new detections involved users in the government, finance, logistics, and real estate industries, some of whom were attacked over a number of years with multiple variants.

While the underlying tone of the report is that more people should be trying the $1 scanning app, it does at least offer some important data points to consider. Apple has been proactive in trying to help protect those who have potentially been hit by a Pegasus installation on their device. However, the report adds that it's not been a total success for the company.

It claims that, in about half the new detections, the targets did not receive Threat Notifications from Apple at all. In these cases, the users would not have been aware of any device compromise, the report points out. When Apple detects that some form of surveillance attack has been made against iPhone users, it tries to send notifications to those affected. This practice, in place since 2021, has led to regular waves of alerts to people around the world, urging them to take the attack warning seriously.

While Apple doesn't typically attribute the attacks to an organization or a government, that hasn't stopped some from fighting Apple's efforts. For example, in December 2023, Apple was targeted by the Indian government for alerting independent journalists and opposition politicians of possible attacks from government hackers. In response to the notifications, a probe was made into Apple's threat detection algorithms and device security, rather than addressing the hacking concerns.

The latest report does prove that Apple's Threat Notification system works, but there's still a lot of room for improvement when it comes to detecting and acting on attacks.

Based in South Wales, Malcolm Owen has written about tech since 2012, and previously wrote for Electronista and MacNN. In his downtime, he pursues photography, has an interest in magic tricks, and is bothered by his c...
