An account of Apple's efforts in Paris to crack down on its own security reveals that the iPhone maker will stop at nothing to prevent tools like Pegasus from accessing vulnerable user data. Faced with threats like Pegasus and hacking attempts by state actors, Apple has had to tighten its security measures over the years. In addition to its efforts to keep iOS and other operating systems secure, Apple has introduced a lockdown mode and issued warnings about potential hacker targets.


The Independent's reporting on Apple's security efforts details some of the company's attempts to counter threats against journalists, activists and politicians. While software is where most developers work, many jobs also involve hardware.

The work Apple engineers are doing in Paris, including on hardware that has not yet been launched, involves using a variety of techniques to breach device security. These attempts include the use of lasers and other "sophisticated sensors" because the hardware needs to be as safe as possible before it is released.

The rationale for this is that while software can be updated with security fixes, the device cannot go through the same process without a physical swap. Testing attempts to determine whether the hardware itself has the potential to inadvertently compromise security and to eliminate these weaknesses.

Apple's Paris-based engineer is described in the report as "perhaps the most capable and well-resourced Apple hardware hacker in the world." Apple, in turn, said it believed its efforts were being successful, but that efforts to crack such security would only force people to use more security programs.

The ongoing digital arms race

Ivan Krstic, director of security engineering and architecture at Apple, said: "I think what's happening now is that there are more and more avenues for attack. This is partly a result of the wider application of technology."

"As more and more technologies come into use, that creates more opportunities for more hackers to develop some expertise and pick a niche that they want to spend their time attacking," Krstic said. Data breaches have exploded over the past decade, with the number of attacks more than tripling between 2013 and 2021.

"During the same amount of time, some other attackers have been pursuing new types of attacks or different types of attacks -- against devices, against IoT devices, against anything that's connected to the internet in some way."

According to Krstic, "The essence of the security struggle is to continually advance defenses and stay ahead of not only where attacks are now but where they will be in the future. There are two reasons to invest heavily in security. One is that because today's sophisticated attacks are likely to trickle down and become more widespread, there is a need to understand these threats in order to have an opportunity to build defenses against future variants. Even so, this is the smaller of the two reasons. When we see some When we see how state-level spyware is being abused, we see the people who are targeted by it - they are journalists, diplomats, people who are fighting to make the world a better place. We believe it is wrong for these users to have the same trustworthy security technology and the ability to communicate securely and freely as our other users. This is not a business decision."

In situations where Apple might be confronting governments or major institutions, Krstic doesn't think Apple is confronting those entities through its work. "But we do feel we have a responsibility to protect our users from threats, whether they're mundane threats or, in some cases, really serious threats."

Comment on sideloading

The interview briefly touched on sideloading and Apple's Digital Markets Act headaches with other app stores. Although the European Commission's original intention is to make competition fairer and give users more choices, Krstic strongly opposes it.

The security director believes that giving people more choices, whether to use a third party or continue to be protected by the App Store, is a false proposition.

"The reality that comes with alternative distribution requirements is that the software that European users need to use - sometimes business software, sometimes personal software, social software, things they want to use - may only be available through alternative distribution channels outside of stores," Krstic said. "In that case, those users don't have the option of getting the software from a distribution mechanism that they trust. So, in effect, users simply don't have the option to continue to get all their software from the App Store."