Apple vs. NSO: ‘Lawsuits can only do so much’

“What about all those hackers on the fringes of business in Eastern Europe and North Korea?” — The Information’s Martin Peers

From Peers’ “The hole in Apple’s security argument” ($) posted Tuesday to The Information subscribers:

Next time Apple executives argue that they can’t relax rules around their iOS App Store for fear of allowing a malware invasion, let’s remember today, when the company sued Israeli firm NSO in retaliation for allegedly infecting iPhones with spyware. Yes, as secure as Apple claims the iPhone to be, the devices are apparently no match for those with the resources to look for vulnerabilities in its software.

This isn’t news, of course. Apple, like Microsoft and Google, is constantly patching security holes in its software, as news reports demonstrate. The inconsistency between that patch activity and Apple’s security boasts is one the iPhone maker usually prefers not to dwell on. What’s fascinating about Apple’s lawsuit is how it contorts itself to explain away the seeming contradiction that a device that purports to be secure actually isn’t.

“Security researchers agree that [the] iPhone is the safest, most secure consumer mobile device on the market,” says Apple’s complaint, filed in federal court in Northern California. “A recent study found that 98% of mobile malware targets Android devices.” Translation: No devices are secure, but Apple’s devices are less of a problem than others. Unfortunately, all it takes is one piece of malware to ruin your day—or drain your bank account.

With this lawsuit—which, as The New York Times notes, follows a lawsuit by Meta Platforms against NSO—Apple can add to the pressure on NSO and possibly achieve something. But what about all those hackers on the fringes of business in Eastern Europe and North Korea? Somehow the threat of a lawsuit filed by Apple in California doesn’t seem likely to scare them. Security vulnerabilities are a fact of life—for owners of iPhones and Android devices. Consumers have to defend themselves by, for instance, not putting sensitive information like driver’s licenses on their phones (much as Apple might want them to). Lawsuits can only do so much.

My take: OK, Martin, what do you suggest?

8 Comments

  1. Having my credit cards stored in Wallet is a vast improvement in security & convenience over the billfold where I keep my driver’s license & ATM card. My car insurer recently allowed me to load a secure copy of my insurance card to Wallet. I fully realize I could lose my phone and thus access to Wallet, but iPhone security, esp. the ability to geolocate it or wipe it remotely, is nearly priceless for one who is rapidly forgetting everything.
    NSO Group’s Pegasus is no doubt deployed by nations for many purposes including repression, antiterrorism, and other perceived violations of whatever Hammurabi-like codes exist in various states. The FBI likely uses it from time to time, despite denials. It is expensive and likely to result in blowback (lawsuits or worse) to those who deploy it, especially when used to spy on royals in the Middle East.
    The very existence of and need to counter intruders like NSO Group makes Apple’s security team and therefore future iOS versions more robust. I personally feel the threat to our overall security & society from Facebook & Google AI is much greater.

    5
    November 24, 2021
  2. David Emery said:
    For a long time, the IT community would have us believe that ‘all systems are equally buggy’. It’s not true, and we need to fight that trope at every opportunity. And we need to insist that Apple continue to get better.

    In a discussion over at Slashdot, someone wrote “All products are only built to be as good as they have to be, including your Mac. Think about everything you currently own. It’s all built as poorly as it can be. The things that are slightly better, have to be either because of safety or rarely, reputation.” There’s some truth to the observation that companies are generally not incentivized to produce better products (in large part because they’re no penalty for delivering crapware.) But at the end of the day, we need to insist on better products, and in particular to not accept vulnerable systems.

    1
    November 24, 2021
  3. Jerry Doyle said:
    Martin Peers is being disingenuous in writing this article criticizing Apple’s efforts at securing its OS from hackers’ attacks. Apple has the most secured device on the market and works continuously to make it more secure. To use a device penetration exploit as an excuse to taunt and repudiate Apple’s ongoing efforts to make its devices the safest and most secured on the market is backhanded, hollow and untruthful.

    Additionally, my personal information stored on my iPhone is about the safest place I can use and still have immediacy of access to that information. Martin Peers knows fully his assertion and critique of Apple’s OS not being 100% invincible is ludicrous.

    Can Peers name anything in life that is 100% invincible? Does the car he drive afford him 100% protection against injury in an accident? Does his home security system afford him 100% protection from a break-in? Does the airliner he flies afford him 100% protection of invincibility once the plane leaves the gate? Do restaurants where he dines assure him 100% protection from some form of food poisoning?

    There is no guarantee of “anything” in life other than death and taxes. I take comfort in knowing that Apple takes my privacy and security as being paramount and that the company is doing all it can to ensure as much as possible I am protected. Can I say the same about any other company producing smartphones? No, I can’t.

    8
    November 24, 2021
  4. Robert Paul Leitao said:
    Is the writer just a cynical and angry guy? I have better things to do with my time than read a non-productive, anti-Apple rant wrapped up likes it’s somehow relevant for readers.

    0
    November 24, 2021

Leave a Reply