Apple Outlines How It Will Notify Users Who Have Been Targeted by State-Sponsored Spyware Attacks

Earlier today, Apple announced that it had filed suit against NSO Group, the firm responsible for the Pegasus spyware that has been used in state-sponsored surveillance campaigns in a number of countries. NSO Group seeks to take advantage of vulnerabilities in iOS and other platforms to infiltrate the devices of targeted users such as journalists, activists, dissidents, academics, and government officials.

As part of its announcement, Apple revealed that it is notifying the "small number of users" who have been targeted via the FORCEDENTRY exploit for a now-patched vulnerability that allowed Pegasus to be installed on their devices. Apple also said that it will continue to notify users it believes have been targeted by state-sponsored spyware attacks "in accordance with industry best practices," and the company has now shared a new support document outlining how it will notify those users.

Notifications will be delivered to affected users via email and iMessage notifications to the addresses and phone numbers associated with the users' Apple IDs, with the notifications providing additional steps users can take to protect their devices. A prominent "Threat Notification" banner will also be displayed at the top of the page when affected users log into their accounts on the Apple ID web portal.

Users will never be asked to click links or install apps via the email and iMessage notifications, so users receiving notifications should always log into their ‌Apple ID‌ accounts on the web to verify that threat notifications have been issued for their accounts and to learn what to do next.

Apple acknowledges that there may be some false alarms with its notifications and that some attacks may go undetected, as it is facing constantly evolving tactics from state-sponsored attackers. Apple's threat-detection methods will similarly evolve, and so the company will not be sharing information on its methods to hinder efforts by attackers to evade detection.

Regardless of whether or not you receive a threat notification from Apple, the company advises all users to take the following steps to secure their devices:

Update devices to the latest software, as that includes the latest security fixes

Protect devices with a passcode

Use two-factor authentication and a strong password for ‌Apple ID‌

Install apps from the App Store

Use strong and unique passwords online

Don’t click on links or attachments from unknown senders

Finally, Apple shares a list of emergency resources at the Consumer Reports Security Planner website for those users who have not received an Apple threat notification but believe they may have been targeted by state-sponsored attackers to obtain expert assistance.

Tag: security

This article, "Apple Outlines How It Will Notify Users Who Have Been Targeted by State-Sponsored Spyware Attacks" first appeared on MacRumors.com

Discuss this article in our forums