Pegasus on iPhones: Apple only detects half of the cases Apfelpatient

NSO's Pegasus spyware is one of the most dangerous threats for iPhone users. Without your intervention, it can take over your device and read almost all of the data stored on it. Apple tries to detect infected iPhones and warn affected users, but new research shows that only around half of the infections are even detected. This means that many users are unaware of possible surveillance.

Apple has integrated a detection method into iOS to identify Pegasus attacks, even if the specific vulnerabilities are still unknown. The company sends warnings to users who it believes are likely to be infected. But how reliable is this system? A new analysis shows that Apple's detection only works in about 50 percent of cases. A security firm has found that many users are infected with Pegasus but never received a warning. This means that the risk remains for many iPhone owners.

How Apple plans to detect Pegasus infections

Apple has integrated mechanisms into iOS to detect suspicious activity and provide clues about a Pegasus infection. If Apple believes your iPhone is affected, it sends a warning. Last year, users in 98 countries were notified about this. informedthat they may have been the victim of a spyware attack. The company stresses that these warnings are not absolute certainties, but a strong suspicion based on the data available. Apple is actively cracking down on spyware vendors like NSO while also working to close the vulnerabilities that Pegasus exploits. Nevertheless, detection remains a major problem.

New study shows: Only half of infected iPhones are detected

A recent analysis by mobile security company iVerify showsthat Apple's detection system has significant gaps. iVerify offers an app that users can use to check their iPhone for spyware infections. The study found that Apple currently only detects about 50 percent of infections. Many users who are infected with Pegasus do not receive a warning from Apple and would have no way of knowing about it without a manual check. In detail, iVerify's scans produced the following results:

In December, 11 new Pegasus cases were discovered through user scans.
The infection rate is 1.5 detected Pegasus cases per 1,000 scans.
Many of the infected users were not warned by Apple.

Who is affected?

Until now, Pegasus was thought to be used primarily against high-profile individuals such as politicians, journalists and activists. However, current findings show that the target audience is much broader. Affected users come from a variety of backgrounds, including:

Government
finance
logistics
property

Some of them have been attacked several times over the years with different Pegasus variants. This shows that the spyware is not only used in a targeted manner, but also represents a permanent threat to many users.

Why can't Apple detect all infections?

The biggest challenge for Apple is that Pegasus exploits so-called zero-day vulnerabilities. These are unknown to Apple and therefore cannot be detected by traditional security mechanisms. iVerify emphasizes that in its analysis it only counted devices in which an infection could be proven with 100 percent certainty. The fact that many of these infected devices were not detected by Apple shows that the company is not yet able to identify all attacks.

How can you check your iPhone yourself?

Since Apple does not reliably detect Pegasus infections, there are some steps you can take to check your iPhone for spyware:

Use a security app: iVerify offers a app that you can use to scan your device.
Keep your iPhone up to date: Regular updates close known security gaps.
Avoid suspicious messages and links: Pegasus can spread through infected links and messages.
Use lockdown mode: This provides additional protection for people who are at high risk.
Pay attention to unusual behavior of your iPhone: Sudden overheating or a significantly reduced battery life can be a sign of an infection.

Apple is fighting against Pegasus – but you have to help

Pegasus remains one of the most dangerous spyware threats for iPhone users. Apple detects infections and sends alerts, but detection only works in about half of the cases. This means that many affected users are unaware of the monitoring. If you want to be sure that your iPhone is not infected, you should check your device with an external security app. In addition, regular updates and careful handling of suspicious messages are essential. Apple is working on improving its detection - but until then, the responsibility remains with you. (Photo by Unsplash+ / Getty Images)