New Delhi:
Months after several Opposition leaders claimed that they received messages warning of “state-sponsored” hackers trying to access their iPhones, the tech giant has sent out a “mercenary spyware” alert to its users in 92 countries, including India. The notification was sent out late last night.
An Apple statement on the notification also mentions Pegasus spyware, which raised a political storm in 2021 over allegations that Opposition leaders were among those snooped on. Following Pegasus developer NSO group’s statement that its clients are only vetted governments and their agencies, the Opposition had asked the Centre to come clear on the issue. A Supreme Court panel did not find the spyware in the phones of the 29 complainants in the case.
“Mercenary Spyware”
The Apple statement says the notifications are designed to inform and assist users who may have been individually targeted by mercenary spyware attacks, “likely because of who they are or what they do”.
“Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices. Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks,” it said.
Such attacks, Apple said, have “historically been associated with state actors, including private companies developing mercenary spyware on their behalf, such as Pegasus from the NSO Group”.
“Though deployed against a very small number of individuals – often journalists, activists, politicians, and diplomats – mercenary spyware attacks are ongoing and global. Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total,” it said.
How Apple Notifies Users
Detailing how it notifies users suspected to be under a mercenary spyware attack, the tech giant said, “A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com. Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.”
The notifications, it said, provide additional steps that users can take to help protect their devices, including enabling a “Lockdown Mode”.
Apple said it relies on internal threat-intelligence information and investigations to detect such attacks. “Although our investigations can never achieve absolute certainty, Apple threat notifications are high-confidence alerts that a user has been individually targeted by a mercenary spyware attack, and should be taken very seriously.”
What To Do
An Apple threat notification mail accessed by NDTV lists what’s to be done if a user has received such an alert. “Apple recommends that you immediately take these actions: enable Lockdown Mode right now on your iPhone in Settings > Privacy & Security > Lockdown Mode. This feature takes only a moment to turn on and offers the strongest protection for users like you who are individually targeted by the most sophisticated digital threats.”
The to-do list also asks the user to update the iPhone to the latest iOS version and also update any other Apple devices he/she may be using. The user is also advised to enable Lockdown Mode on any Mac or iPad he/she is using. The user is also suggested to seek expert help provided by the Digital Security Helpline of non-profit Access Now.
More Guidelines
Some mercenary spyware attacks, Apple said, require no interaction from you and others rely on tricking you into clicking a malicious link or opening an attachment in an email, SMS, or other message. “These attempts can be quite convincing, ranging from fake package-tracking updates to custom-crafted, emotional appeals claiming a named family member is in danger. Be cautious with all links you receive, and don’t open any links or attachments from unexpected or unknown senders.”
The tech giant has also said that if a user has not received a threat notification, but has “good reason to believe” that he/she may be targeted, “you can enable Lockdown Mode on your Apple devices for additional protection”.
“Mercenary spyware attackers are often persistent and will likely also try to target you through other channels, devices, and accounts not associated with Apple. Experts can provide the best advice for your specific circumstance, but if you are unable to reach an expert, as an additional precaution, change your passwords for any sensitive websites and services that you have accessed from your iPhone. If these attacks were successful in compromising your iPhone, they may have stolen your credentials for other services,” it said.