Apple will warn you of a suspected hacking attack
Update, Dec. 21, 2024: This story, originally published Dec. 20, now includes advice for checking whether your iPhone has been infected by spyware.
Apple has been sending users warnings of suspected spyware attacks by way of an iPhone hacking notification system for years. The chances are that you didn’t know, especially if you’ve never received one. Here’s another surprise: Apple doesn’t offer to help but directs the victims to a non-profit organization instead. Here’s what you need to know.
If you were to get a notification from Apple warning you that spyware hackers were targeting your iPhone, you’d rightly be more than a little concerned. But how about if that warning didn’t offer direct help from Apple itself but rather directed you toward a non-profit organization for advice instead? That, it would appear, is precisely what has been happening, according to a new report published in TechCrunch. An example of just such a notification was shared with the publication: “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple Account. This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously.”
In a posting explaining the system, Apple said: “Since 2021, we have sent Apple threat notifications multiple times a year as we have detected these attacks, and to date we have notified users in over 150 countries in total.”
Confirming that the vast majority of iPhone users will, thankfully, never see such a notification, Apple explained that the notifications are designed to “inform and assist users who may have been individually targeted by mercenary spyware attacks,” and, importantly, have been so targeted “likely because of who they are or what they do.” With these kinds of spyware hacking attacks being “vastly more complex” than your standard cybercriminal activity and most consumer-facing malware, Apple said, “mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices.”
The notifications themselves come in two parts: a threat notification after the user signs into their Apple account page and a combination of email and iMessage notifications sent to the addresses and phone numbers associated with that account.
As already stated, unless you are in a particularly vulnerable occupation and/or have access to highly sensitive data, it is highly unlikely that you will be targeted by spyware. That doesn’t mean the chances are zero, however, so being able to quickly check your iPhone for any signs of such malicious activity is a recommended bit of knowledge to possess.
As my colleague Kate O’Flaherty recently reported, always keeping your iPhone “up to date with the latest software and restart your iPhone regularly, as this can disrupt spyware’s access to your device temporarily,” is good advice. As is using an app to run a quick check. One option is iVerify, which has been around for the longest time, but I’ve been trying out a newer alternative. The standalone on-premises version of the Am I Secure? app is used by government clients to “ensure no device data at all, even if not sensitive or private, leaves government control and that they control all discoveries of spyware, such as which users were hit and when, for political and investigatory reasons,” Colin Caird, the founder of Numbers Station, which developed the app, said.
The consumer version is very easy to use, with installation taking moments and a standard scan just a few seconds. The app is capable of detecting “even nation-state level implants or spyware like NSO Group’s Pegasus,” Caird said, and provides “the same level of detection capabilities as our government clients.” Although the app is free to use for standard scanning, using the advanced scanning functionality requires a subscription. There’s no access to contacts, camera, microphone, etc. required, although for the advanced scan Am I Secure? does require you to run an iPhone system diagnostic and share that with the analyzer servers running an AI-powered analysis. This looks for:
So far, I must say, I’m very impressed with the capabilities of this app. See the screenshot below for an idea of the information presented to the user. However, “we recommend users that have a compromise and work in media or human rights contact Access Now, Amnesty Tech or Citizen Lab to perform the forensic work required to determine the vulnerabilities that were exploited,” Caird still concluded.
Am I Secure? app checks for spyware at a forensic level
I have reached out to Apple for clarification as to why iPhone users are directed to contact a non-profit organization, Access Now, rather than its own security engineers.