



Privacy and security are a thorny issue for technology companies, including Apple.

Angela Lang / CNET

Apple has long been seen as a security and privacy advocate in the tech industry, which is immersed in the vacuuming of consumer data. But two recent events have raised questions about whether the iPhone maker’s reputation has lost its brilliance.

Earlier this month, Apple released an emergency patch that closed a hole in the operating system that powers iPhones, iPads, and Apple Watches, making it vulnerable to Pegasus spyware manufactured by NSO Group in Israel. This patch was released a week before a new version of the operating system was released, causing unnecessary attention that undermined the company’s fall device launch.

On another walkback, Apple has postponed the announced feature of scanning devices for images of child exploitation. Privacy and security experts, and other critics, say that approaches to combating illegal material create backdoors that can be abused by governments aimed at curbing freedom of expression. I accused him of being equal to.

Richard Bird, Chief Customer Information Officer of cybersecurity firm Ping Identity, said:

The discovery of Pegasus spyware could constitute a “Cambridge Analytica moment,” he said, referring to a collection of data that grabbed the Facebook headline used in the election campaign.

Apple’s public criticisms of security and privacy are at a crossroads for companies that have used user-centered stance initiatives as a way to differentiate themselves from their data-intensive rivals. The company won praise for opposition to the FBI, which Apple wanted to crack the terrorist iPhone 5C, which killed 14 people in 2015.

Apple has taken advantage of its strong position on privacy to beat its competitors. Before the 2019 Consumer Electronics Show, the company put up a sign that says, “No matter what happens on the iPhone, it stays on the iPhone.”

Apple refused to comment on the story beyond previously issued statements on both issues.

Relatively virus-free

Apple has long had a reputation for being relatively low in viruses, Trojan horses, malware, or any form of malicious software that could pollute your machine. This was primarily because the Mac computer was a niche machine, not a flagship product of a company running Microsoft’s ubiquitous Windows operating system.

Cybersecurity experts say cybercriminals weren’t worth the time and effort to design and target malware and look for operational system vulnerabilities.

However, the popularity of the iPhone has increased interest in the Mac. According to research firm IDC, Apple desktop and laptop computer sales in 2020 increased 29% year-on-year, with the company’s market share at 7.6%.

This has made the Mac and the broader Apple ecosystem a more attractive target for hackers who distribute malware. In addition, the widespread transition to mobile computing on mobile phones and tablets has created a number of new targets for Apple’s leading product class.

For example, in March, Apple pushed updates for iPhone, iPad, and Apple Watch to fix a WebKit vulnerability discovered by security researchers at Google’s Project Zero that enhances Apple’s Safari browser. Researchers said at the time that this vulnerability could be actively exploited.

And last fall, five hackers said they discovered 55 Apple vulnerabilities, 11 of which were considered critical. In other words, if misused, it can have serious consequences such as user data breaches. The group discovered a mountain of problems in three months and received a bug bounty of just under $ 300,000 from Apple for its work as of October.

JTKeating, Senior Vice President of Product Strategy at mobile security firm Zimperium, makes sense that cybercriminals have acted to attack mobile devices.

“The reason this is newsworthy is that we haven’t heard much about this kind of thing,” Keating said. Apple and Citizen Lab, a research group that discovered the Pegasus vulnerability, seemed to have worked well to fix it, he said.

Not everyone is free. Ping’s Bird said Apple wasn’t responsible for the fact that spyware was specifically designed to attack Apple devices.

According to research firm Counterpoint, Apple has a 53% share of the US smartphone market as of the second quarter of this year, about twice that of its closest rival Samsung.

“They need to publicly acknowledge that we as customers are our targets,” he said, adding that the company seems to have wiped out the problem ahead of last week’s product event.

Blast from the beginning

More worrisome, perhaps last month’s Apple announcement, announced a new technology designed to search for images of child exploitation on the user’s device.

This new feature was originally planned to be incorporated into software updates for iOS 15, iPad OS 15, WatchOS 8, and MacOS Monterey, and is designed to detect if a device contains material that exploits children.

This is done by converting each image into a hash, or a bit of code that identifies the file. These hashes are then matched against a database of known child exploitation content maintained by the National Center for Missing and Exploited Children. If a certain number of matches are found, Apple will be warned and may investigate further.

The move was exploded from the beginning by security experts and privacy advocates. Groups, including the Electronic Frontier Foundation and Fight for the Future, organized protests outside the Apple Store and submitted petitions signed by approximately 60,000 people to the company.

At a media event before the protest, renowned technician Bruce Schneier, sitting on the EFF’s board, prevented the government from forcing Apple to use the same system to look for something else. I said there was nothing. (Apple claims that client-side scanning remains secure by keeping the process on the device.)

“This is the equivalent of a monitoring system for all Apple users’devices and cannot be safely placed on all Apple users’ devices,” Schneier said. “It’s not targeted, it’s not proportional, it doesn’t work.”

