Apple has always been proud of the secure service it provides to its customers. It often pokes fun at Android, speaks at length about privacy during keynotes, and has released few features that have irritated the other Big Tech companies. However, the new Pegasus spyware disclosure has left Apple red-faced, indicating that the Cupertino-based tech company has to beef up its security. Journalists and human rights campaigners from all around the world, including India, were targeted by the malware.

The Amnesty International Security Lab discovered evidence of Pegasus infections or attempted infections in 37 of the total 67 cellphones examined. 34 of them were iPhones, with 23 displaying evidence of a successful Pegasus infection and the other 11 displaying signs of an attempted infection.

Only three of the 15 Android cellphones, on the other hand, revealed signs of a hacking effort. However, there are two things to consider before assuming that Android phones are safer than iPhones. One, Amnesty’s investigators confirmed that Pegasus evidence was located on the iPhone more than anywhere else. Android’s logs aren’t large enough to retain all of the data required for decisive findings. People have greater security expectations than the iPhone, for two reasons.

Apple has often said in previous years that the iPhone is a more secure phone than Android, and this assertion holds whether Pegasus is there or not. However, the Pegasus tale demonstrates that the iPhone is not as secure, or rather unhackable, as Apple claims. This is reflected in Amnesty International’s statement.

The issue is especially concerning because it affected even the most recent iPhone 12 devices running the most recent version of Apple’s operating system. That’s usually the best and last level of protection a smartphone maker can provide.

“Apple strongly opposes cyberattacks against journalists, human rights advocates, and anyone working to make the world a better place,” Ivan Krstic, head of Apple Security Engineering and Architecture, said in a statement to India Today Tech. Apple has led the industry in security innovation for over a decade, and as a consequence, security experts believe that the iPhone is the safest and most secure consumer mobile device available. Such attacks are very complex, cost millions of dollars to create, have a short shelf life, and are used to target specific persons. While this means they pose no harm to the vast majority of our users, we continue to work diligently to secure all of our customers, and we’re always implementing additional safeguards for their devices and data.”

How did the iPhone’s security get hacked?

Pegasus zero-click assaults were used to hack the iPhones, according to the study. It claims that thousands of iPhones have been infected, but it cannot confirm the exact number of phones that have been affected. ‘Zero-click’ assaults, as the name implies, do not involve any activity from the phone’s user, giving an already strong virus even more potential. These attacks target software that accepts data without first determining whether or not it is trustworthy.

In November 2019, Google Project Zero security researcher Ian Beer uncovered a similar vulnerability, revealing that attackers may take total control of an iPhone in the radio vicinity without requiring any user input. Apple released a software update to remedy the problem but confessed that it was powerful enough to damage the devices.

Because zero-click attacks don’t involve any user interaction, avoiding them becomes extremely tough. Even if you are aware of phishing attempts and use the best online practices, you may still be targeted by this malware.

What does Pegasus have access to?

While there is an amount of data on who was impacted and how they were affected, no investigation has been able to uncover the data that was gathered. However, the options are limitless. Pegasus may gather emails, call logs, social network posts, user passwords, contact lists, photos, videos, sound recordings, and browser history, among other things.

It also can turn on the cameras or microphones to acquire new photos and recordings. It can listen to voice mails and gather location records to figure out where a user has gone, and it can do all of this without the user accessing their phone or clicking on a strange link.