As Opposition Attacks Govt Over Apple Hacking Alert, Here's How The Tech Giant's Threat Notification Works

Bhuvan Krishna | Oct 31, 2023, 06:05 PM | Updated 06:05 PM IST
Apple (Kevin Frayer/GettyImages) 


Apple has issued warnings to opposition leaders, journalists, and researchers in India about potential state-sponsored attacks aimed at compromising their iPhones.

These alerts come a year after a committee of experts appointed by the Supreme Court of India found no conclusive evidence of Pegasus spyware on 29 analysed phones.

In July 2021, a consortium of media outlets and investigative journalists reported that the phones of Indian ministers, politicians, activists, businessmen, and journalists were among the 50,000 selected for potential infection with the Pegasus malware.

Following these revelations, Apple took legal action against the Israeli maker of Pegasus, the NSO Group, and introduced its threat notification system to alert users when state-sponsored attackers may have targeted their devices.

Apple's notification system sends emails and messages to the addresses and numbers associated with users' Apple IDs.

It also displays a "Threat Notification" banner in red at the top of the page when the user signs in at appleid.apple.com.

This banner includes the date the notification was sent via email and iMessage to verify its authenticity.

However, Apple acknowledges that not all notifications are foolproof due to the sophistication of state-sponsored attacks. Some notifications might be false alarms, while some attacks may go undetected.

Apple detects these attacks using threat intelligence signals but refrains from disclosing the specific methods to avoid aiding state-sponsored attackers in adapting to evade detection in the future.

To identify fake threat notifications, Apple advises users to be cautious of malicious links in SMS, email, or messaging apps.

Legitimate Apple threat notifications do not contain any links, and Apple never asks users to install apps or provide Apple ID passwords or verification codes by email or phone. Any URLs provided by Apple are spaced out to discourage users from clicking on malicious links.

Apple further notes that state-sponsored attacks are typically complex and costly, requiring substantial resources. Most individuals will never be targeted by such attacks.

Those at higher risk include politicians, human rights activists, journalists, or vocal critics of governments, as these attackers are often backed by nation-states.

To avoid being targeted, Apple recommends basic cyber hygiene practices such as keeping devices and apps updated, using strong passcodes and unique passwords, enabling multi-factor authentication, avoiding sideloading apps, and refraining from using the same password across multiple services.

Apple introduced Lockdown Mode in September 2022 to enhance security; it restricts certain app features to reduce the attack surface for potential threats.

State-sponsored attacks are highly sophisticated, expensive to develop, and typically have a short shelf life, making them challenging to detect and prevent. The vast majority of users are unlikely to be targeted by such attacks.
