Before the election, US Vice President and former presidential candidate Kamala Harris' cybersecurity team asked Apple for help; According to Forbes.After a tool designed to detect spyware on iPhones was found on two devices owned by campaign workers. According to Forbes, Apple refused to illegally analyze the phones.
The company's response comes as no surprise to digital protection providers working with vulnerable people who are often targeted by spyware.
In the last few years, Apple has been. Sending notifications. warning victims and targets of government spyware that they may be hacked; Directed to get help.. Importantly, Apple did not say which targets to contact with its own security engineers. Nonprofit Join Now!They run a digital helpline for civil society organizations that suspect they are targets of government spyware.
“Apple has discovered that you have been targeted by a soldier spyware attack that is attempting to remotely compromise the iPhone associated with your Apple account,” reads a recent alert shared by Access Now and TechCrunch. “Who are you or why is this attack targeting you specifically? While it is impossible to be absolutely certain when such attacks will be detected, Apple has high confidence in this warning — please take it seriously.”
Apple seems to be abandoning its responsibility to protect its users, but human rights defenders; Cybersecurity experts who work with journalists and the opposition generally agree that Apple's approach to warning victims of spyware attacks is correct.
contact us
Do you have more information about government spyware and its makers? from a non-working device; You can securely contact Lorenzo Franceschi-Bicchierai on Signal at +1 917 257 1382; or via Telegram and Keybase @lorenzofb; Or Email. You can also reach out via TechCrunch. SecureDrop.
“These warnings are a game changer for spyware accountability research,” said John Scott-Railton, senior researcher at Citizen Lab, a nonprofit that investigates spyware.
“When we look back over the past few years, we see many of the most important issues we know. Poland, ThailandA lot. others – started with a notification from Apple,” Scott-Railton said.
For spyware investigators, Apple sharing spyware notifications with victims is a turning point. Before receiving notices; “We're in the dark, not knowing who to check,” said Natalia Krapiva, Access Now's legal counsel.
“I think it's one of the greatest things that's happened in the field of forensics and sophisticated spyware hunting,” Krapiva told TechCrunch.
Now when you get a notification from someone or a group of people from Apple; It alerts them that someone is targeting them on their device and they need to get help. And Apple tells you exactly where to get them. That's because Access Now's helpline is the right place to go, says Scott-Railton, “because the helpline does a good, systematic job of triage and support.”
Krapiva said the helpline, staffed by others who work in other departments of the nonprofit, is staffed by more than 30 people. So far through 2024, Access Now has received 4,337 tickets through the helpline, Krapiva said.
Scott-Railton, Krapiva and security expert Runa Sandvik; She runs her own digital security consultancy, Granitt. All agreed that Apple, which has protected vulnerable people and journalists for a decade, should temporarily stop investigating individual attacks after notifying victims.
“Big tech companies don't want to get into the business of doing forensics on people's devices or accounts,” Sandvik told TechCrunch. “I think it should stay separate.”
Eva Galperin, director of cybersecurity at the nonprofit Electronic Frontier Foundation, said Apple could still do more to combat spyware.
“(Apple) can write more detailed reports and file more lawsuits. These things take a lot of money that NGOs don't have and telemetry NGOs don't have,” Galperin told TechCrunch.
On its official page About the spy software, which Apple last updated in October, it said it had sent notifications to users in more than 150 countries since 2012.
Apple spokeswoman Nadine Haija told TechCrunch that “the vast majority of users are not victims of such attacks, and we deeply sympathize with the minority of users, and we work tirelessly to protect them.” Apple devices with Lockdown Mode have no known spyware. “Our security teams are constantly working to track down professional spyware attackers, and we send threat alerts to help inform and assist customers who we believe have been individually targeted.”
For anyone notified by notification; Apple tells these targets and victims of spyware to update their iOS software and all their apps. Apple recommends the user to turn on Lockdown Mode, an iOS security feature. It has stopped spyware attacks in the past. By limiting device features that are often exploited to plant spyware. Apple It said last year that it had not been aware of a successful spyware infection. Against someone using Lockdown Mode.
Scott-Railton calls Lockdown Mode “a game-changer in increasing the security of people's devices, especially those at risk.”
TechCrunch spoke to all the experts. It is highly recommended to turn on the Lockdown mode. If you think you might be a target; Especially if you are a journalist, If you are a human rights defender or opposition.
If you get a notification from Apple, take it seriously.