Congress leader Rahul Gandhi, Union Minister Ashwini Vaishnaw and poll strategist Prashant Kishor are among the prominent figures identified as potential targets of the Pegasus spyware attack in the latest expose by Amnesty International and Forbidden Stories.
But the revelations have also brought under the spotlight Apple and the apparent chink in the security on its devices.
The Pegasus spyware makes use of a zero-click exploit in Apple’s iMessage messaging service to take control of a user’s phone. Using a malicious link, the spyware can gain full access to files, calls, contacts, messages and even the ability to control the camera and microphone.
Commenting on the spyware discovery, Apple issued a statement, saying that attacks like Pegasus are highly sophisticated, cost millions of dollars to develop, have a short shelf life, and are used to target specific individuals.
Apple has built a loyal following by marketing the iPhone as the most secure smartphone and recently defended the claims during its antitrust hearing at the US senate.
The breach of Apple’s security by the Pegasus spyware, however, led to a drop in Apple share prices by 2.3 per cent yesterday.
Apple has since announced a $1 million reward as part of its bug bounty program for any lead on the vulnerability used by Pegasus. The NSO Group charges between $7-8 million per licence for use of the Pegasus spyware.
The Israeli company’s Pegasus utility made use of Amazon’s AWS cloud infrastructure as part of the exploit. Amazon has since blocked AWS access for the NSO Group.
The latest security controversy makes one point clear: no piece of technology, no matter how expensive, is truly secure and it is imperative not to take the promise of security at face value.