Apple Alerts Users of Potential iPhone Surveillance Assaults: Crucial Information to Consider
Update, Dec. 21, 2024: This article, initially published Dec. 20, now includes guidance for verifying whether your iPhone has been compromised by malware.
For years, Apple has been warning users of suspected malware attacks against their iPhones through a hacking alert system. However, many users may not be aware of this, especially those who haven't received any alerts. What's more shocking is that Apple does not provide direct support but instead directs affected individuals to a non-profit organization. Here are the essential points to consider.
Deciphering Apple's iPhone Malware Alert System
If you received an alert from Apple warning you of potential malware targeting your iPhone, you'd undoubtedly be on edge. But what if the warning didn't provide immediate assistance from Apple but instead redirected you to a non-profit organization for advice? According to a recent report in TechCrunch, this appears to be the current practice. An example notification shared with the publication reads: "Apple has detected that you are being targeted by a mercenary spyware attack attempting to remotely compromise the iPhone associated with your Apple Account. This attack is probably aimed at you specifically due to who you are or what you do. Although it's impossible to obtain absolute certainty when detecting such attacks, Apple is confident in this warning – please take it seriously."
In a statement explaining the system, Apple said, "Since 2021, we have sent Apple threat notifications several times a year as we have identified these attacks, and we have notified users in over 150 countries in total."
The Unlikely Chance of Receiving an iPhone Malware Warning
Apple confirms that the vast majority of iPhone users will fortunately never see such a warning. The notifications, the company explained, are designed to "inform and aid users who might have been individually targeted by mercenary spyware attacks," and, importantly, those who have been targeted "likely because of who they are or what they do." These types of spyware attacks are "significantly more complex" than common cybercriminal activity and most consumer-focused malware, Apple said, adding that "mercenary spyware attackers allocate massive resources to target a minuscule number of specific individuals and their devices."
The notifications themselves consist of two parts: a threat notice after signing into your Apple account page, followed by a series of email and iMessage notifications sent to the associated addresses and phone numbers.
Detecting Malware on Your iPhone
As previously mentioned, if you're not in a particularly sensitive profession and don't have access to crucial information, you likely won't be the target of spyware. Nevertheless, it's essential to be able to quickly check your iPhone for any indicators of malicious activity.
As my colleague Kate O’Flaherty recently reported, keeping your iPhone up to date with the latest software and restarting it regularly can temporarily obstruct spyware's access to your device. Additionally, using an app to run a quick scan is recommended. One option is iVerify, which has been in use for some time, but I've been testing out a newer alternative. The standalone, on-premises version of the Am I Secure? app is used by government clients to "ensure that no device data, even sensitive or private, leaves government control, and that they control all discoveries of spyware, such as which individuals were affected and when, for political and investigatory purposes," according to Colin Caird, the creator of Numbers Station, which developed the app.
The consumer version is effortless to use, with installation taking just a few moments, and a standard scan taking only a few seconds. The app is capable of detecting "even nation-state level implants or spyware like NSO Group's Pegasus," Caird said, and offers "the same level of detection capabilities as our government clients." Although the app is free for standard scanning, advanced scanning capabilities require a subscription. During an advanced scan, Am I Secure? requires you to run an iPhone system diagnostic and share the results with the analyzer servers for AI-powered analysis. The AI looks for:
- Existing indicators of compromise that the Numbers Station threat-hunting team has previously discovered.
- Anomalies in your device's system diagnostic information that deviate from the known good or expected baseline, allowing them to be triaged for manual analysis.
So far, I must say, I'm quite impressed with the capabilities of this app. Here is a screenshot of the information presented to the user. However, "we advise users who have a compromise and work in media or human rights to contact Access Now, Amnesty Tech, or Citizen Lab to conduct the forensic analysis required to determine the vulnerabilities that were exploited," Caird concluded.
I have reached out to Apple for clarification as to why iPhone users are directed to contact a non-profit organization, Access Now, rather than its own security engineers.
- If you receive an iPhone notification from Apple warning about potential malware targeting your device, it's crucial to take the warning seriously, as highlighted in the TechCrunch report.
- Apple's threat notifications, which have been sent since 2021 to users in over 150 countries, are intended for individuals who might be specifically targeted due to their profession or sensitive information they possess.
- In response to an inquiry about direct Apple support for iPhone users affected by malware, the company suggests contacting a non-profit organization like Access Now for advice.
- Cybersecurity experts recommend regularly updating your iPhone software and restarting your device to obstruct spyware's access temporarily, and using apps like iVerify or Am I Secure? for quick scans to detect any potential spyware or malware.