How Apple will warn you if you're under state-sponsored spyware attack

What you need to know

  • Apple has issued a support document detailing how users will be informed of a potential state-sponsored attack.
  • Apple is suing NSO Group, the outfit behind Pegasus which is itself a tool used by bad actors.

"State-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices."

Yesterday saw Apple announce that it is suing NSO Group, in part over its creation of Pegasus, a spyware tool that has been used to target politicians, journalists, and more. The company has also published a support document that highlights how it will warn people if they're thought to be under attack.

The new document, first spotted by MacRumors, outlines the security issues caused by state-sponsored spyware across Apple devices — including the new iPhone 13.

Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers. These users are individually targeted because of who they are or what they do. Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent. State-sponsored attacks are highly complex, cost millions of dollars to develop, and often have a short shelf life. The vast majority of users will never be targeted by such attacks.

Apple goes on to say that it will notify people that they are a target by sending them emails and iMessages, while a message will also appear when they log into their Apple ID on the Apple website. No links will be sent and no credentials will be requested.

Apple also offers some ideas for how people can try to ensure they don't fall victim to such attacks.

  • Update devices to the latest software, as that includes the latest security fixes
  • Protect devices with a passcode
  • Use two-factor authentication and a strong password for Apple ID
  • Install apps from the App Store
  • Use strong and unique passwords online
  • Don't click on links or attachments from unknown senders

Security is one of the best iPhone features that Apple isn't shy about marketing, but even iPhones aren't guaranteed to be safe from attacks like this.

Those interested in learning more, and finding out what to do if they think they're a target, can read the full support document now.

Tags
Technology