Apple Sends Spyware Victims To Nonprofit Security Lab 'Access Now' (techcrunch.com)
Since 2021, Apple has been sending threat notifications to certain users, informing them that they may have been individually targeted by mercenary spyware attacks. When victims of spyware reach out to Apple for help, TechCrunch reports, "Apple doesn't tell the targets to get in touch with its own security engineers." Instead, Apple directs them to the nonprofit security lab Access Now, "which runs a digital helpline for people in civil society who suspect they have been targets of government spyware."
While some view this as Apple sidestepping responsibility, cybersecurity experts agree that Apple's approach -- alerting victims, directing them to specialized support, and recommending tools like Lockdown Mode -- has been a game changer in combating mercenary spyware threats. From the report: For people who investigate spyware, Apple sharing spyware notifications with victims represented a turning point. Before the notifications, "We were just like in the dark, not knowing who to check," according to Access Now's legal counsel Natalia Krapiva. "I think it's one of the greatest things that's happened in the sphere of this kind of forensic investigations and hunting of sophisticated spyware," Krapiva told TechCrunch.
Now, when someone or a group of people get a notification from Apple, they are warned that something potentially anomalous is happening with their device, that someone is targeting them, and that they need to get help. And Apple tells them exactly where to get it, according to Scott-Railton, who said Access Now's helpline is the right place to go because "the helpline is able to do good, systematic triage work and support." Krapiva said that the helpline is staffed by more than 30 people, supported by others who work in other departments of the nonprofit. So far in 2024, Krapiva said Access Now received 4,337 tickets through the helpline.
For anyone alerted by a notification, Apple tells those targets and victims of spyware to update their iOS software and all their apps. Apple also suggests the user switches on Lockdown Mode, an opt-in iOS security feature that has stopped spyware attacks in the past by limiting device features that are often exploited to plant spyware. Apple said last year that it is not aware of any successful spyware infection against someone who used Lockdown Mode.
Re: How do you know it is from Apple? (Score:2)
Also no word on the consequences of using lockdown mode. Will certain useful apps or services stop working?
Re: (Score:2)
While your device is in Lockdown Mode, you can exclude an app or website in Safari from being impacted and limited by WebKit restrictions. Exclude only trusted apps or websites and only if necessary.
No official word yet on the consequences of a society who can’t even bother with validating hyperlinks in a summary anymore. But there are hints every now and then..
Five Steps (Score:2)
Tinfoil-hat time (Score:4, Interesting)
"government spyware"
Spooky but nothing in the article suggests Apple fixed the relevant CVE/backdoor in the software.
Just because you're paranoid doesn't mean they're not out to get you! :)
Re:Tinfoil-hat time (Score:5, Interesting)
Apple can only fix what they know about. If a security vulnerability happens and the spyware makers keep it to themselves and do not report it, Apple can't really fix it.
The ones Apple knows about have been fixed. Meanwhile, while Apple may not know how the malware got onto the device, they can certainly detect its presence if things are acting differently or if checksums stop matching.
There's a reason why malware attacks on iOS devices cost roughly $1M or so. And it's never a single cause but a whole chain of steps - I think there are some in iOS that are 20+ vulnerabilities long. Of course, if Apple were to fix any of those, it breaks the chain. But again, it requires knowing about the problem.
Re: (Score:2)
Belt and suspenders
"government spyware" (Score:3)
The unnamed government is Israel.
Forbes article on detecting iOS spyware (Score:3, Interesting)
Re: (Score:2)
Forbes article recommends Am I Secure? tool on the App Store for finding spyware https://www.forbes.com/sites/d... [forbes.com]
The “tool” to find out if you’re secure or not, is marketed as that?
Even the skeptic in me, is laughing. If you gotta ask..