Updated: November 25, 2021 11:08:41 am
Apple is issuing threat notifications to users who it believed were victims of ‘state-sponsored attacks’. It has also published a support page about what this notification will look like for users. The news comes after Apple filed a lawsuit against the Israeli NSO Group for targeting US citizens by hacking into iPhones. Another report by Reuters has also stated that Apple has issued warnings for activists in Thailand, stating that they were likely the victims of a state-sponsored attack.
Earlier this year an investigation by Amnesty International and the Citizen Lab revealed that Pegasus spyware was able to hack into iPhones and Android devices of several journalists, activists, and government critics, across the world. Project Pegasus showed how iPhones in particular were targeted by the spyware and that iMessage was particularly vulnerable. Apple later issued software updates to fix several of the flaws.
With regard to Apple’s threat notifications, the support page says it is “designed to inform and assist users who may have been targeted by state-sponsored attackers.”
State-sponsored attackers are different from regular cyber-criminals. Here, an enemy state, or very often the victim’s nation-state is believed to be targeting the user, because they are perceived as a threat. Apple says that these “users are individually targeted because of who they are or what they do.”
But most importantly “state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent,” adds the page. In the case of Pegasus, each license is believed to cost 100,000s of dollars and it is not something that can be deployed by any regular cyber-criminal. Pegasus is also a cyber weapon and can only be sold to governments.
Apple is notifying victims of state-sponsored attacks in two ways:
* A Threat Notification is displayed at the top of the page after the user signs in to the appleid.apple.com website.
* Apple sends an email and iMessage notification to the email addresses and phone numbers that are associated with the user’s Apple ID.
Apple also states that its “threat notifications will never ask you to click any links, open files, install apps or profiles, or provide your Apple ID password or verification code by email or on the phone.” So if you see any threat notification claiming to be from Apple, asking you to click on a link or install an app, it is best to ignore it. This is likely a phishing attempt of som sort.
In order to verify that an Apple threat notification is genuine, users should sign in to appleid.apple.com. If Apple has sent the threat notification, it will be clearly visible at the top of the page after you sign in, as you can see in the screenshot above.
Apple has also listed some basic tips to keep in mind to keep your device and account safe from cybercriminals in general. These are:
*Update devices to the latest software, as that includes the latest security fixes to any vulnerability that was being exploited by attackers
* Users are also advised to protect devices with a passcode
*Using two-factor authentication and a strong password for Apple ID is also recommended
*Apple also states that users should only install apps from the App Store
*Further, they should not click on links or attachments from unknown senders
Apple also says that those who believe they were likely targeted by state-sponsored attackers or require emergency cybersecurity assistance for other reasons, should enlist expert help as well.
📣 The Indian Express is now on Telegram. Click here to join our channel (@indianexpress) and stay updated with the latest headlines
- The Indian Express website has been rated GREEN for its credibility and trustworthiness by Newsguard, a global service that rates news sources for their journalistic standards.