Apple has been sending silent threat notifications to users to let them know their phones may be under suspected mercenary spyware attack. This has proved to be a crucial step in helping at-risk individuals protect themselves from advanced cyber threats.

These alerts target a very small number of users who are regularly in the crosshairs of state-sponsored spyware, such as Pegasus from the NSO Group, like journalists, human rights defenders, politicians, and other high-profile individuals.

How Apple’s threat notifications work

When Apple detects activity consistent with spyware attacks, it notifies affected users via email, iMessage, and a prominent alert on account.apple.com. These notifications, first detailed in a 2021 Apple support document, have become a key tool in spyware accountability.Though most people will never receive an alert like this, Apple issues these notifications only to a select group of users, ensuring they are based on high-confidence threat intelligence. To maintain the integrity of its system, Apple refrains from disclosing specific details about the attackers or the regions involved, in order to prevent providing any insights that could help evaders bypass detection.Users are invited to contact a nonprofit, Access Now’s Digital Security Helpline, for individualized security advice after being notified (as reported by Lorenzo Franceschi-Bicchierai with TechCrunch). Apple will not perform forensic investigations on its own—a task that many cybersecurity experts have argued should be left to nonprofits anyway.

Lockdown Mode: An important additional layer of protection

To protect against spyware attacks, Apple recommends enabling Lockdown Mode, an opt-in security feature introduced in iOS 16. Lockdown Mode blocks or limits device functionality often exploited by spyware; these include limits on link previews and attachments in messaging apps.

Apple has said it is not aware of any spyware infections that have been successful against users who have had Lockdown Mode turned on.

Apple’s continuing efforts

Since 2021, Apple has sent Threat Notifications to users in over 150 countries, which shows the breadth of mercenary spyware. The company continues to invest in its Private Cloud Compute system to track and detect threats and in improving tools like Lockdown Mode.

Critics like Eva Galperin of the Electronic Frontier Foundation believe Apple can go further by publishing threat reports and filing more lawsuits against spyware makers. But even so, Apple’s work so far marks a change for the company, one in which it’s “committed to protecting users who may be personally targeted by some of the most dangerous cyberthreats,” according to spokesperson Nadine Haija.

How to stay protected

Apple encourages all users to take the following steps to protect against general cyber threats:

  • Keep devices updated with the latest software.
  • Enable two-factor authentication.
  • Use strong, unique passwords.
  • Install only from App Store.
  • Do not click on any links or open attachments from an unknown sender.

Locking down and reaching out for help from organizations like Access Now is crucial for those who suspect they may be a target of spyware.As spyware attacks become more sophisticated, Apple’s threat notifications and security features are an important line of defense. By notifying users and providing access to expert resources, Apple is setting the bar for how tech companies can begin to respond to a rising tide of digital threats.

#Apple #issues #spyware #threat #alerts #highrisk #users

Leave a Reply

Your email address will not be published. Required fields are marked *