Security News > 2021 > July > Researchers: NSO Group’s Pegasus Spyware Should Spark Bans, Apple Accountability
News of a zero-click zero-day in Apple's iMessage feature being incorporated into the notorious Pegasus mobile spyware from NSO Group has drawn a variety of reactions from the security community, including concerns about the security of Apple's closed ecosystem, and varying views on NSO Group's culpability for how Pegasus is used.
He added, "Apple aims their statements about security and privacy at consumers. However, the majority of the individuals targeted by the NSO group are not categorized as typical consumers and Apple needs to recognize that securing these individuals may require help from third parties."
Not everyone Brian Higgins, security specialist at Comparitech, said that the NSO Group does "Their best to control its deployment contractually," but noted that it's hard for the firm to govern how government customers use Pegasus.
"NSO Group has been suspected of selling its spyware to some of the world's most oppressive governments and leaders," he told Threatpost.
"Amnesty International and Citizen Labs' findings further support these suspicions. NSO Group is in effect a weapons dealer, and there's very few restrictions on to whom it can sell its weapons. Pegasus is used by governments and other authorities to commit crimes, notably against journalists and political opponents. There is no legitimate and legal use for PegasusWe need to end the commercial market for malware by putting a moratorium on the sale of all hacking tools."
"Ultimately, for NSO Group, Apple and law agencies, the lesson is that with great power comes great responsibility. It is time to step it up and find a way forward where NSO Group, Apple and law agencies can further improve their collaboration rather than take a step back."
News URL
https://threatpost.com/nso-pegasus-spyware-bans-apple-accountability/167965/
Related news
- NSO Group Exploited WhatsApp to Install Pegasus Spyware Even After Meta's Lawsuit (source)
- Apple creates Private Cloud Compute VM to let researchers find bugs (source)
- Apple Opens PCC Source Code for Researchers to Identify Bugs in Cloud AI Security (source)
- NSO Group used another WhatsApp zero-day after being sued, court docs say (source)