Update December 23, 2024: This article, originally published on December 21, now includes tips on how to check if your iPhone has been infected with spyware and an app called Am I Secure? There is also more information on how it works to protect governments from spying across geographical regions on the iOS platform.
Apple has been sending users warnings about suspected spyware attacks through an iPhone hack notification system for years. Chances are you wouldn’t know, especially if you’ve never received one. Here’s another surprise: Apple doesn’t offer support, instead directing those affected to a nonprofit organization. This is what you need to know.
If you received a notification from Apple warning you that hackers were targeting your iPhone, you’d rightly be very concerned. But what if that warning didn’t offer direct assistance from Apple itself, but instead directed you to a nonprofit organization for advice? That may not seem likely with iOS, but it is precisely what happened, according to a new report published by TechCrunch. An example of such a notification was shared with the publication: “Apple has detected that you are the target of a mercenary spyware attack that is attempting to remotely compromise the iPhone associated with your Apple account. This attack is most likely aimed at you in particular because of who you are or what you do. While it is never imaginable to achieve absolute certainty in detecting such attacks, Apple has great confidence in this precaution;
In an article explaining the system, Apple said, “Since 2021, we have been sending risk notifications to Apple several times a year when we encounter those attacks, and to date, we have notified users in more than one country in total.”
Confirming that fortunately the vast majority of iPhone users will never see such a notification, Apple explained that the notifications are designed to “inform and assist users who may have potentially been targeted by mercenary spyware attacks” and, more importantly, they were attacked “probably because of who they are or what they do.” Because this type of spyware attack is “far more complex” than common cybercriminal activity and most consumer-targeted malware, Apple said, “mercenary spyware attackers apply exceptional resources to attack a very small number of individuals and their devices.”
The notifications themselves consist of two parts: a risk notification after the user enters their Apple account page and a combination of email and iMessage notifications sent to the addresses and phone numbers related to that account.
As already stated, unless you have a vulnerable role and/or access to very sensitive data, it is highly unlikely that you will be attacked by spyware. However, this does not mean that the chances are zero, so it is advisable to quickly check your iPhone for any signs of such malicious activity.
As my colleague Kate O’Flaherty recently reported, keeping your iPhone “up to date with the newest software and restarting it regularly, as this may temporarily disrupt spyware’s access to your device,” is smart advice. It is also worth doing a quick check. One option is iVerify, which has been around for longer, but I’ve tried a newer alternative. The standalone local edition of the Am I Secure? app is used by government customers to “ensure that no knowledge about the device, even if it is not confidential or private, escapes government control and that they monitor all spyware discoveries, such as which users were affected and when, for political and investigative reasons,” said Colin Caird, the founder of Numbers Station, who developed the app.
The client edition is very simple to use: installation takes a few minutes, and a basic scan takes only a few seconds. The app is capable of detecting “even point implants from geographic regions or spyware like NSO Group’s Pegasus,” Caird said, and offers “the same point detection features as our government customers.” Although the app is easy to use for basic scans, the advanced scanning feature requires a subscription. Access to contacts, camera, microphone, etc., is not required, but for advanced analysis, Am I Secure? requires you to run an iPhone system diagnostic and share it with scanning servers running AI-based scanning. This seeks:
So far, I have to say that I am very impressed with the features of this app. See the screenshot below to get an idea of the data presented to the user. However, “we propose that users who have a commitment and contact Access Now, Amnesty Tech or Citizen Lab to perform the mandatory forensic paints on the vulnerabilities that have been exploited,” Caird concluded.
Screenshot: the Am I Secure? application searches at a forensic level.
As already mentioned, the Am I Secure? application and other tools from Numbers Station are already well known to governments around the world. “Our solutions currently protect the private and state mobile devices of heads of state, prime ministers and cabinet officials countering the most complex cyber threats,” Caird said, and are in particular “used by several NATO governments.” In addition to protecting senior managers, various security solutions developed by Numbers Station also protect company and department personnel against threats. “Our government consumers have already discovered active operations on their devices running the most recent versions of iOS,” Caird said, although it is not possible to provide proof of those claims due to the sensitive nature of those threats.
This is important, Caird said, because most network monitoring security solutions focus on Linux and Windows threats, and thanks to the extensive use of transport layer security certificate pinning by mobile apps there is “zero visibility of the threats” posed by iOS and iPadOS devices. Now consider that initial exploitation vectors are oftentimes delivered by way of end-to-end encrypted messaging apps and you start to realize that all these layers of encryption, while good, are also bad, at least from a threat and compromise detection perspective.
Not, of course, that there aren’t already a number of apps and other security solutions on the market, despite what Caird said. However, he has a defense against this argument, or should that be an attack, whatever: these “cannot detect advanced implants/spyware used by nation states,” Caird said, “if they could you wouldn’t see the attacks in the news.” Partly, Caird said, this is down to the iOS sandboxing security feature which, perhaps ironically, means that most solutions cannot access the data that would be required to perform meaningful security analysis in the first place. Instead, most will just look to ensure compliance with security policies. Yet a device that has a passcode enabled, isn’t jailbroken and is running the very latest version of the operating system is still vulnerable to nation-state threat actors, as multiple headlines over the years should have taught us by now.
Numbers Station’s “standalone analyzer” for iOS/iPadOS, used by NATO governments, has evolved to meet exactly those requirements. “The tool can run on a completely remote network, as well as on a computer without access to the external network,” Caird said, with results tailored to different levels of sensitivity as desired, ranging from alerts for non-expert users to cybersecurity forensic experts. The way it works is that, instead of relying on known indicators of compromise, the tool uses analysis of system diagnostic data to uncover anomalies. “We don’t want a list of IoCs that are already known,” Caird said, “as they would be considered anomalous anyway.” Staff at a government agency, for example, upload system diagnostic logs to an internal log share. Then a batch analysis is performed daily, and the results are reported to internal cybersecurity experts for review.
I have reached out to Apple for clarification as to why iPhone users are directed to contact a non-profit organization, Access Now, rather than its own security engineers.