New Delhi:
Months after several opposition leaders claimed they had received messages warning of “state-sponsored” hackers trying to access their iPhones, the tech giant has sent a “mercenary” alert to its users in 92 countries, including India. The message was sent late last night.
An Apple statement on the report also mentions Pegasus spyware, which caused a political firestorm in 2021 over allegations that opposition leaders were among those spied on. Following Pegasus developer NSO Group's statement that its customers are only vetted governments and their agencies, the Opposition had asked the Center to clarify the issue. A Supreme Court panel did not find the spyware in the phones of the 29 complainants in the case.
“Mercenary Spyware”
Apple's statement said the notifications are intended to inform and assist users who may have been individually targeted by mercenary spyware attacks, “likely because of who they are or what they do.”
“Such attacks are far more complex than regular cybercriminal activity and consumer malware, because spyware-for-hire attackers deploy exceptional resources to target a very small number of specific individuals and their devices. Spyware-for-hire attacks cost millions of dollars and often have a short shelf life. making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks,” the report said.
Apple said such attacks have “historically been associated with state actors, including private companies that develop mercenary spyware on their behalf, such as NSO Group's Pegasus.”
“Although deployed against a very small number of individuals – often journalists, activists, politicians and diplomats – mercenary spyware attacks are ongoing and worldwide. Since 2021, we have sent Apple threat notifications several times a year as we detected these attacks, and to date we have notified users in a total of more than 150 countries,” the report said.
How Apple Notifies Users
Detailing how it notifies users suspected of being victims of a mercenary spyware attack, the tech giant said: “A threat notification will be displayed at the top of the page after the user logs into appleid.apple.com .Apple will send an email and an iMessage notification to the email addresses and phone numbers associated with the user's Apple ID.”
The notifications offer additional steps users can take to protect their devices, including enabling a “Lockdown Mode.”
Apple said it relies on internal threat intelligence and research to detect such attacks. “While our research can never provide absolute certainty, Apple threat alerts are highly reliable warnings that a user has individually been targeted by a mercenary spyware attack and should be taken very seriously.”
What must we do
An Apple threat notification email obtained by NDTV details what to do if a user has received such a warning. “Apple recommends that you take these actions immediately: Enable Lockdown Mode on your iPhone right now in Settings > Privacy & Security > Lockdown Mode. It takes just a moment to enable this feature and provides the strongest protection for users like you who have been individually targeted by the most advanced digital threats.”
The to-do list also prompts the user to update the iPhone to the latest iOS version and also update any other Apple devices he/she is using. The user is also advised to enable Lockdown Mode on any Mac or iPad he/she is using. The user is also advised to seek expert assistance through the Digital Security Helpline of the non-profit organization Access Now.
More guidelines
Some mercenary spyware attacks require no interaction from you, according to Apple, while others rely on you clicking a malicious link or opening an attachment in an email, text message or other message. “These attempts can be quite convincing, ranging from fake package tracking updates to tailor-made, emotional calls claiming that a named family member is in danger. Be careful with any links you receive and do not open any links or attachments from an unexpected source or unknown senders.”
The tech giant also said that if a user has not received a threat notification but has “good reason to believe” he/she may be targeted, “you can enable Lockdown Mode on your Apple devices for additional protection” .
“Mercenary spyware attackers are often persistent and will likely try to reach you through other channels, devices, and accounts not associated with Apple. Experts can provide the best advice for your specific situation, but if you are unable to expert, such as As an extra precaution, you can change your passwords for any sensitive websites and services you've accessed from your iPhone. If these attacks were successful in compromising your iPhone, they may have stolen your login credentials for other services” , the report said.