SecureMac, Inc.

Checklist 344: iOS 17, Pegasus, and Sportsball!

September 21, 2023

iOS 17 enhances privacy with Lockdown Mode, anti-tracking, and secure passkeys. NSO’s Pegasus spyware targets journalists. Microsoft warns of cybersecurity threats in live sports events.

New iOS 17 Introduces Enhanced Privacy and Security Features

TechCrunch reports on the latest privacy and security upgrades in iOS 17

In the midst of the highly anticipated iPhone releases, Apple has rolled out iOS 17, along with updates to other operating systems, including iPadOS 17, watchOS 10, tvOS 17, and HomePod software version 17. While much excitement surrounds the shiny new features, some of the most significant updates are in the realm of privacy and security.

Lockdown Mode Reinforcement

iOS 17 enhances Lockdown Mode, designed to protect individuals from various forms of cyber threats. Lockdown Mode, which makes iPhones less vulnerable to hacking attempts, is intended for specific users such as activists, journalists, and government dissenters. New protections include blocking file sharing and links in Messages, restricting incoming invitations, and preventing wired connections when the iPhone is locked. Notably, Lockdown Mode now extends to the Apple Watch, further bolstering device security.

Anti-Web Tracking Measures

Apple has introduced anti-web tracking features in iOS 17. Safari now strips tracking information from web addresses, making it challenging for websites and advertisers to monitor users across the internet. This change improves user privacy and reduces the risk of online tracking.
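What stripping tracking information from a web address looks like in practice, as an added illustration (not Apple's code and not from the original page). The parameter list below is an assumed sample of commonly seen click identifiers, not Safari's actual list, and the function name and sample links are constructed.

```javascript
// Assumed sample of click-identifier parameters; NOT Safari's real list.
const TRACKING_PARAMS = new Set(["gclid", "fbclid", "msclkid", "mc_eid", "igshid"]);

// Returns the cleaned link plus the names of the parameters that were removed.
function stripTracking(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return { url: rawUrl, removed: [] }; // not an absolute URL: leave untouched
  }
  // Only web links are rewritten; mailto:, tel:, etc. pass through unchanged.
  if (url.protocol !== "http:" && url.protocol !== "https:") {
    return { url: rawUrl, removed: [] };
  }
  const removed = [];
  // Snapshot the keys first: deleting while iterating searchParams skips entries.
  for (const key of [...new Set(url.searchParams.keys())]) {
    if (TRACKING_PARAMS.has(key.toLowerCase())) {
      removed.push(key);
      url.searchParams.delete(key); // drops every occurrence of this exact key
    }
  }
  // If nothing matched, hand back the original string so the link is not re-encoded.
  return removed.length ? { url: url.toString(), removed } : { url: rawUrl, removed };
}

// Constructed sample links (hypothetical hosts and identifier values).
const samples = [
  "https://shop.example/item?id=42&fbclid=abc123#reviews",
  "https://news.example/story?GCLID=x1&gclid=x2",
  "https://docs.example/guide?page=3",
  "mailto:editor@news.example?subject=hi&fbclid=1",
];
for (const link of samples) {
  const result = stripTracking(link);
  console.log(result.url, result.removed);
}
```

Functional parameters such as `id` and `page`, and the `#reviews` fragment, survive, so the cleaned link still loads the same content.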

Safety with “Check In”

The “Check In” feature, initially presented at WWDC23, provides an added layer of safety. It allows iPhone owners to share their real-time location with friends and can automatically alert them if something goes wrong. Importantly, this feature maintains end-to-end encryption, ensuring privacy.

Passkeys and Password Sharing

Apple’s collaboration with the FIDO Alliance brings improvements to passkeys, offering a more secure and convenient way to sign in online. With iOS 17, users can share passkeys and passwords with friends and family while maintaining end-to-end encryption. This feature simplifies secure information sharing without compromising privacy.

Live Voicemail for Privacy

A new Live Voicemail feature transcribes voicemail messages in real-time, providing a convenient way to access information without engaging in a call. This feature not only adds convenience but also enhances privacy, allowing users to screen messages from potential scammers or spammers.

While iOS 17 and other OS updates include undisclosed security fixes, Apple has not yet provided details on these updates. Users are encouraged to stay tuned for more information.

NSO Group’s Pegasus Spyware Raises Concerns Over Targeting Journalists and Activists

The NSO Group’s notorious Pegasus spyware is once again under scrutiny for its clientele, with recent revelations of its use in targeting journalists and human rights activists. Pegasus, known as “zero-click” software, can remotely extract data from mobile phones without any action by the recipient. While it has been used for legitimate purposes, such as capturing criminals and thwarting terrorist plots, it has also been exploited by governments like Mexico, the United Arab Emirates, and Saudi Arabia to spy on journalists.

Recent security updates were prompted by a state-sponsored Pegasus attack on the chief executive of an exiled Russian news website operating in Europe. Apple notified the target in June, sparking investigations by groups like Citizen Lab. This incident marked the first documented case of Pegasus being used on a Russian journalist.

Furthermore, other Russian news outlets reported similar notifications from Apple, indicating a broader targeting of media professionals. The spyware’s ability to extract messages, photos, videos, and contacts raises concerns about the potential breadth of compromised information.

Despite mounting concerns, NSO Group’s exclusive sale of Pegasus to governments remains unchanged, leaving questions about the company’s clientele unanswered.

Microsoft Warns of Growing Cybersecurity Concerns in Live Sporting Events

As the football season kicks off, cybersecurity concerns are taking center stage, affecting not only football but also other live sporting events like hockey, soccer, basketball, and baseball. The Hacker News recently reported that Microsoft has issued a warning about the increasing threat posed by malicious cyber actors to stadium operations.

According to Microsoft, the cyber risk surface of live sporting events is expanding rapidly, making anyone involved with such events potential targets. This includes teams, corporate sponsors, municipal authorities, third-party contractors, coaches, athletes, and even fans, who can be vulnerable to data loss and extortion.

Microsoft’s threat briefing highlights that the venues and arenas that host these events have numerous known and unknown vulnerabilities that attackers can exploit. These vulnerabilities expose critical business services such as point-of-sale devices, IT infrastructures, and visitor devices. The level of cyber risk varies depending on factors like location, participants, size, and composition of each event.

The cybersecurity concerns extend beyond the arena, as evidenced by last year’s World Cup in Qatar, where Microsoft detected attempts to access the systems of nearby medical facilities meant to provide care for fans, staff, and players if needed.

Specific areas of concern for facilities include connected video boards, digital signage, point-of-sale systems, and stadium access infrastructure equipment, which could encompass gates, turnstiles, elevators, and escalators. Addressing these threats largely falls to facilities and teams, in collaboration with cybersecurity teams.

Microsoft offers some cybersecurity recommendations for attendees at live sporting events, encouraging them to:

  1. Secure their apps and devices with the latest updates and patches.
  2. Avoid accessing sensitive information from public Wi-Fi.
  3. Exercise caution with links, attachments, and QR codes from unofficial sources.

In conclusion, while enjoying live sporting events, attendees are urged to remain vigilant about cybersecurity to ensure a safe and enjoyable experience.
