Apple will alert users exposed to state-sponsored spyware attacks


As part of Apple’s initiative to combat state-sponsored spyware, or more specifically the surveillance of Apple device owners, the company is introducing a system that will alert users when they are thought to be the target of such attacks.

On Tuesday, Apple announced that it was suing the NSO Group and its parent company for the creation and implementation of the Pegasus spyware.

Ostensibly designed to help with law enforcement campaigns, Pegasus relies on vulnerabilities, such as the now patched FORCEDENTRY exploit, to install a surveillance package capable of providing access to iOS and Android device microphones and cameras, as well as on-device data. The tool is sold – allegedly arbitrarily – to governments with poor human rights records, which have previously used it to monitor journalists, activists, researchers, politicians and other targets of interest.

Apple said it was alerting a “small number of users” targeted by FORCEDENTRY and promised to continue to warn customers if and when future attacks are detected.

“Whenever Apple detects activity in accordance with a state-sponsored spyware attack, Apple will notify affected users in accordance with industry best practices,” the company said.

The system is already active: a Reuters report on Wednesday detailed alert messages sent to at least six Thai activists and researchers.

Apple explains its threat notifications in a support document. While the inherent nature of state-sponsored attacks – expensive, complex and highly targeted – means most users will never be exposed, Apple says that if one of its customers is affected, they can expect to be informed in two ways: a prominent warning message displayed at the top of the Apple ID site, and alerts sent via email and iMessage to the addresses and phone numbers associated with their Apple ID.

Messages from Apple will never ask users to click on links, open files, install apps or profiles, or provide their Apple ID password or verification code via email or on the phone, the company says. Those who receive a threat message can verify its authenticity by visiting the Apple ID portal, where an identical alert is displayed if the message is genuine.

The technology giant acknowledges that false alarms are possible and that the system may not detect all attacks. As a precautionary measure, users are encouraged to follow these best practices:

  • Update devices to the latest software as it includes the latest security fixes
  • Protect devices with a password
  • Use two-factor authentication and a strong Apple ID password
  • Install apps from the App Store
  • Use strong and unique passwords online
  • Do not click on links or attachments from unknown senders

In addition to the notification service, Apple provides technical and threat intelligence assistance to Citizen Lab, the group that first identified FORCEDENTRY, and will offer the same assistance to similar security research organizations. The company is also donating $10 million, plus any damages awarded in the case against NSO, to cyber-surveillance research and advocacy organizations.

