Apple has warned a significant number of iPhone users across 98 countries that they appear to have been targeted by “mercenary spyware attacks” which could compromise almost all the personal data on their devices.
The company says it can never be 100% certain in its conclusions, but has a high degree of confidence that it is correct, and urges message recipients to take the security warning seriously …
iPhone spyware can completely compromise devices
While iPhones are very secure, there is a constant cat-and-mouse battle between Apple and companies investing millions of dollars in identifying and exploiting vulnerabilities.
The most notorious of these is NSO, whose Pegasus software is capable of getting access to almost all the personal data stored on an iPhone. The company pays very large sums to hackers who discover vulnerabilities which can be used for zero-click exploits – where no user interaction is required by the target.
Simply receiving a particular iMessage – without opening it or interacting with it in any way – can allow an iPhone to be completely compromised, without the awareness of the owner.
The company sells the software to governments, including some with very poor human rights records. These governments often target opposition politicians, human rights activists, journalists, and lawyers.
Apple detects attacks and alerts victims
Apple of course works hard to close these vulnerabilities as soon as it becomes aware of them, but this can take time.
One of the steps the company takes in the interim is to attempt to detect when an iPhone has been compromised (without necessarily knowing how this was achieved), and to alert victims.
The company initially described these attacks as state-sponsored, but changed this language earlier this year, instead using the term ‘mercenary spyware attack.’
Latest warning of ‘mercenary spyware attacks’
TechCrunch reports that Apple has just issued one of these warnings to suspected victims in a total of 98 countries.
“Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID -xxx-,” the company wrote in the warning to affected customers.
“This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously,” Apple added in the text.
Victims are typically advised to use Lockdown Mode.
Apple is careful to avoid revealing anything about how it detects when an iPhone has been compromised, but it’s likely that iOS includes code which regularly checks the integrity of the protections in place. When a device fails these checks, an alert is sent to Apple, who in turn alerts the owner of the phone.
This means the company can detect that an iPhone has been compromised before it knows how this was achieved.
Photo by Jason Leem on Unsplash
FTC: We use income earning auto affiliate links. More.
