Apple's iPhone has a 'major blinking red five-alarm-fire problem with iMessage security,' according to a cybersecurity researcher

• Apple's iPhones are a lot less secure than Apple says, according to a new report.
• "Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security," one cybersecurity researcher said.
• An iMessages security exploit was used by an Israeli spyware firm to give hackers access to iPhones.

Apple's iPhone isn't as secure as Apple says it is, according to a bombshell new report from a group of media outlets and Amnesty International.

"Apple has a MAJOR blinking red five-alarm-fire problem with iMessage security," Citizen's Lab Senior Research Fellow Bill Marczak said on Sunday.

Hackers were reportedly able to remotely access and replicate data from phones tied to 37 people, primarily reporters and executives, using a software tool named Pegasus created by NSO Group.

Complimentary Tech Event

Transform talent with learning that works

Capability development is critical for businesses who want to push the envelope of innovation.Discover how business leaders are strategizing around building talent capabilities and empowering employee transformation.Know More

The software is sold to governments and is considered a military-grade hacking service. With Pegasus, hackers are able to infect phones with so-called "zero-click" texts through iMessage, meaning the target user doesn't even have to interact with the text to have their phone breached.

Moreover, the report found that even the most up to date firmware and iPhone hardware can be breached by Pegasus.

Forensic reports completed by Amnesty International and verified by Citizen's Lab found that even iPhones running iOS 14.6, the latest version of Apple's mobile operating system, were susceptible to being hacked. "All this indicates that NSO Group can break into the latest iPhones," Marczak said.

One such target with an iPhone was the fiance of slain Washington Post reporter Jamal Khashoggi, according to the report. A forensic analysis of Hatice Cengiz's iPhone found evidence of multiple breaches starting in early October 2018 - immediately following Khashoggi's assassination on October 2, 2018.

"Why do people say the iPhone is the more safe phone, that no one can hack?" Cengiz asks Washington Post reporter Dana Priest in a recent PBS Frontline segment regarding the spyware. "That's what [Apple] says, the company," Priest responds. "That's not true."

Following the report, NSO Group released a statement rebuking its findings and threatening a potential lawsuit. "We firmly deny the false allegations made in their report," the statement said. "These allegations are so outrageous and far from reality that NSO is considering a defamation lawsuit."

Apple representatives didn't immediately respond to a request for comment regarding the specific iPhone security issues outlined in the report, and it's unclear if an update is coming to patch the exploit.

"For over a decade, Apple has led the industry in security innovation and, as a result, security researchers agree iPhone is the safest, most secure consumer mobile device on the market," Apple security engineering chief Ivan Krstić said in a statement to Insider. "Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals. While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data."

Read the full report on the Pegasus spyware and iPhone security right here.

Got a tip? Contact Insider senior correspondent Ben Gilbert via email (bgilbert@insider.com), or Twitter DM (@realbengilbert). We can keep sources anonymous. Use a non-work device to reach out. PR pitches by email only, please.