iOS 26 Update Complicates Pegasus Spyware Detection
A recent update to iOS 26 by Apple is raising concerns within the digital security community. A report from iVerify reveals a significant technical change: the operating system now rewrites a system log file, shutdown.log, every time an iPhone restarts. This contrasts with previous versions of iOS, which appended new entries to the existing log.
The Implications for Digital Forensics
This alteration, whether intentional or not, poses a challenge for digital investigators. The shutdown.log file has been a crucial resource for identifying traces of spyware like Pegasus and Predator. These malicious programs often leave digital footprints in system files, which forensic analysis can use to determine the timing and nature of infections. However, the new approach in iOS 26 erases these historical records, potentially hindering investigations.
How the Change Affects Detection
iVerify’s analysis indicates that rewriting the file in full on each restart eliminates previous entries. This loss of historical data removes key indicators used to detect past breaches or spyware activity. In the past, programs like Pegasus attempted to delete or manipulate this file as part of their anti-forensic measures, but they still left detectable traces. Now, with the system itself recreating the file from scratch, these traces are permanently removed, complicating digital forensic processes and weakening experts’ ability to analyze infected devices.
A New Challenge for Security Experts
The report emphasizes that this change in how iOS 26 manages system logs presents a new challenge for digital security experts. It underscores the need to develop new tools and methods to preserve digital evidence and ensure the ability to track future hacking attempts. The modification effectively conceals evidence of past infections, making it harder to determine if a device has been compromised by sophisticated spyware.
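One way to preserve this evidence off the device is to archive a copy of shutdown.log before each restart and check whether each new capture still contains the older entries. The sketch below is an added example, not code from the iVerify report or from any tool it describes. The class and function names and the sample log lines are constructed for illustration, and pulling the file from the device is assumed to happen elsewhere.

```python
import hashlib

def classify(previous: bytes, current: bytes) -> str:
    """Compare two captures of shutdown.log taken at different times."""
    if current == previous:
        return "unchanged"
    if current.startswith(previous):
        return "appended"   # older entries still present, new ones added
    return "rewritten"      # older entries are gone from the device copy

class ShutdownLogArchive:
    """Keeps every distinct capture so history survives an on-device rewrite."""

    def __init__(self):
        self.captures = []  # (label, sha256 hex digest, raw bytes), oldest first

    def add(self, label: str, data: bytes) -> str:
        verdict = classify(self.captures[-1][2], data) if self.captures else "first"
        if verdict != "unchanged":
            digest = hashlib.sha256(data).hexdigest()  # integrity record per capture
            self.captures.append((label, digest, data))
        return verdict

    def lost_on_device(self) -> list:
        """Lines held in the archive that the latest capture no longer contains."""
        if not self.captures:
            return []
        latest = set(self.captures[-1][2].splitlines())
        lost = []
        for _, _, data in self.captures[:-1]:
            for line in data.splitlines():
                if line not in latest and line not in lost:
                    lost.append(line)
        return lost

def demo():
    # Constructed sample entries; they do not reproduce the real file layout.
    r1 = b"restart 1: constructed entry\n"
    r2 = b"restart 2: constructed entry\n"
    r3 = b"restart 3: constructed entry\n"
    archive = ShutdownLogArchive()
    verdicts = [
        archive.add("capture-1", r1),
        archive.add("capture-2", r1 + r2),  # appended: history kept
        archive.add("capture-3", r1 + r2),  # no restart between captures
        archive.add("capture-4", r3),       # file recreated from scratch
    ]
    return verdicts, archive.lost_on_device()

if __name__ == "__main__":
    print(demo())
```

A "rewritten" verdict means the archived captures are the only remaining record of the earlier entries, so they should be kept with their digests.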
Source: Annahar