Apple will warn users who are exposed to attacks by state-sponsored spyware

AppleInsider is supported by its audience and can earn a commission as an Amazon Associate and associate partner for eligible purchases. These affiliate partnerships do not affect our editorial content.

As part of Apple’s state-sponsored anti-spyware initiative, or surveillance and tracking of Apple device owners, the company is introducing a system that will alert users when they are believed to be the target of such attacks.

Apple announced on Tuesday that it has filed a lawsuit against the NSO Group and its parent company for creating and installing Pegasus spyware.

Reportedly developed to help with law enforcement campaigns, Pegasus relies on vulnerabilities, such as the now patched FORCEDENTRY exploitation, to install a surveillance package that can grant access to iOS and Android devices ’microphones and cameras, as well as onboard data. The tool is being sold – allegedly indiscriminately – to governments with poor human rights experience, who have used it in the past to track journalists, activists, researchers, politicians and other stakeholders.

Apple said it was informing “a small number of users” who were targeted by FORCEDENTRY and promised to continue to warn customers if and when future attacks are detected.

“Each time Apple detects activity that is consistent with a state-sponsored spyware attack, Apple will notify affected users in line with industry best practice,” the company said.

The system is already active, as a Reuters a report on Wednesday detailing warning messages sent to at least six Thai activists and researchers.

Apple explains the threat notifications in the support document. While the inherent nature of state-sponsored attacks – costly, complex and highly targeted – prevents most users from being exposed, Apple says that if one of its customers is affected, they can expect to be notified in two ways: a prominent warning notice shown at the top of the Apple ID website and alerts sent via email and iMessage to the address and phone number associated with the Apple ID.

Notifications will never require users to click on links, open files, install applications or profiles, or provide their Apple ID password or verification code via email or phone, the company said. Those who receive a threat notification can verify its authenticity by visiting the Apple ID portal, where an identical alert will appear if the message is genuine.

The technology giant admits that false alarms are possible and that the system may not detect all attacks. As a precaution, users are encouraged to follow these best practices:

  • Update your devices to the latest software, as this includes the latest security updates
  • Password protect devices
  • Use two-factor authentication and a strong Apple ID password
  • Install apps from the App Store
  • Use strong and unique online passwords
  • Do not click on links or attachments from unknown senders

In addition to the intelligence service, Apple provides technical, intelligence, and engineering assistance to Citizen Lab, the group that first identified FORCEDENTRY, and will offer the same assistance to similar security research organizations. The company also donates $ 10 million and any damages received in a lawsuit against NSO organizations to research and advocate cyber-surveillance.

Source link

Naveen Kumar

Friendly communicator. Music maven. Explorer. Pop culture trailblazer. Social media practitioner.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button