As a tech journalist, Zul focuses on topics including cloud computing, cybersecurity, and disruptive technology in the enterprise industry. He has expertise in moderating webinars and presenting content on video, in addition to having a background in networking technology.
Apple has issued a new round of threat notifications to iPhone users in 98 countries, informing them that mercenary Pegasus spyware may be targeting their phones.
This is the second such notification campaign from the tech giant this year, following a similar effort in April that reached users in 92 countries.
According to a support document on Apple’s website, the company has been regularly issuing these notifications since 2021, and they have reached users in more than 150 countries. The most recent warnings, sent out on July 10th, did not identify the attackers or the countries where users received alerts; those details were withheld as sensitive information.
The notification sent to affected customers stated: “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID.” The company emphasised the targeted nature of these attacks, noting, “This attack is likely targeting you specifically because of who you are or what you do.” Despite the inherent uncertainty in preventing nation-state attacks, Apple has stressed the critical importance of heeding such messages.
Pegasus, which Apple refers to as military-grade spyware used by governments to target individuals such as journalists and political activists through ‘mercenary’ hackers, is made by the Israeli company NSO Group. It is perhaps the most advanced and invasive spyware ever found in the wild because it can exploit zero-day vulnerabilities on mobile devices.
Reports indicate that users in India are among those who have received Apple’s latest threat notifications. This follows a similar incident in October when Apple sent warnings to several journalists and politicians in the country. Subsequently, Amnesty International, a prominent human rights advocacy group, reported discovering the presence of Pegasus on the iPhones of notable Indian journalists.
In its communication with affected users, Apple emphasised the sensitive nature of its threat identification methods. The company cautioned that divulging additional details could potentially aid attackers in evading future detection, underlining the delicate balance between informing users and maintaining effective security measures.
It’s worth noting that Apple has made a significant change in its terminology since last year, now opting to describe these incidents as “mercenary spyware attacks” rather than the previously used term “state-sponsored” attacks. This shift in language may reflect an evolving understanding or classification of these security threats.
Apple has stated that it relies exclusively on “internal threat-intelligence information and investigations to detect such attacks,” highlighting the company’s commitment to user privacy and security.
Regardless of whether users have received a notification, all iPhone users are advised to take several precautionary measures:
- Ensure devices are running the latest software updates
- Protect devices with a strong passcode
- Implement multi-factor authentication and use a robust password for Apple ID
- Only install applications from the official App Store
- Utilise a reputable mobile security product
- Exercise caution when opening emails, messages, or tapping on links
For individuals who believe they may be at higher risk of targeted mercenary spyware attacks, Apple offers an additional layer of protection through Lockdown Mode. This feature, as reported by Malwarebytes Labs, provides enhanced security by limiting certain functionalities that could potentially be exploited by spyware.
Lockdown Mode implements several restrictive measures, including:
- Blocking most message attachments
- Preventing incoming FaceTime calls from unfamiliar contacts
- Restricting certain web technologies and browsing features
- Excluding location data from shared photos and removing Shared Albums
- Blocking wired connections when the device is locked
- Preventing auto-joining of non-secure WiFi networks
- Blocking incoming invitations from new contacts
- Restricting installation of configuration profiles often used for work or school
To activate Lockdown Mode on an iPhone or iPad, users can follow these steps:
- Open the Settings app
- Navigate to Privacy & Security
- Scroll down and select Lockdown Mode
- Tap “Turn On Lockdown Mode”
- Review the feature’s implications and confirm by tapping “Turn On Lockdown Mode”
- Select “Turn On & Restart,” then enter the device passcode
By implementing these security measures and staying informed about potential threats, iPhone users can significantly enhance their protection against sophisticated spyware attacks.