There is a problem with Apple’s iPhone

In April, Apple sent notifications to iPhone users in 92 countries, warning them they’d been targeted with spyware.
The iPhone maker has sent out alerts to people in over 150 countries since 2021 as spyware continues to target high-profile figures across the globe.
“Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent.”
Spyware gives attackers access to the smartphone’s mic and allows them to view everything you write, including messages on encrypted apps such as WhatsApp and Signal.
Today, it can be delivered in so-called “zero-click attacks” via an iMessage or WhatsApp image that will automatically plant spyware on your device.
Chris Hauk, consumer privacy advocate at Pixel Privacy, agrees battery drain is a strong indicator of spyware on your device.
“These symptoms are more relevant to commodity Android spyware than highly targeted mercenary spyware, which is adept at going unnoticed on users’ devices,” he says.
If you might be a target, you can also disable iMessage and FaceTime to reduce the risk of falling victim to zero-click attacks.

In April, Apple informed iPhone users in 92 countries that they had been the target of spyware. The notification says, “Apple has detected that the iPhone linked to your Apple ID is being targeted by a mercenary spyware attack that is attempting to remotely compromise it.”

Before long, people were attempting to decipher the notification on social media platforms, such as X. Although many of the people targeted were based in India, some people in Europe also claimed to have received Apple’s warning.

Little is known about the most recent iPhone attacks, even after several weeks. A spokesman for Apple, Shane Bauer, disputes reports made public by Blackberry, the former smartphone behemoth that is now a security company, linking them to the Chinese spyware operation known as “LightSpy.”

Blackberry’s researchers have found that even though Apple claims the most recent spyware alerts aren’t connected to LightSpy, the malware is still a growing threat, especially to individuals who might be targeted in Southern Asia. Targeting demonstrators in Hong Kong, LightSpy—dubbed a “sophisticated iOS implant”—was first introduced in 2020. That being said, the most recent version is far more powerful than the initial one.

The researchers stated, “It is a fully-featured modular surveillance toolset that primarily focuses on exfiltrating victims’ private information, including hyper-specific location data and sound recording during voice over IP calls.”

Apple had sent out similar alerts before April’s warnings. Since 2021, the manufacturer of iPhones has issued warnings to citizens in more than 150 countries as spyware continues to target well-known individuals worldwide.

Although it is relatively uncommon and costly, nation-state adversaries have the ability to weaponize spyware. Generally, when it is used, it is directed specifically towards a small number of individuals, such as government employees, businesses in particular industries, political dissidents, and journalists.

Apple stated in an advisory in April that “mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices,” making these attacks far more sophisticated than typical cybercriminal activity and consumer malware. “Mercenary spyware attacks are extremely difficult to identify and stop because they frequently have a short shelf life and cost millions of dollars. Such attacks will never target the vast majority of users.”

Additionally, Apple claims that attacks can be successfully thwarted by its Lockdown Mode feature. Bauer states, “As we have stated previously, we are not aware of anyone using Lockdown Mode being successfully attacked with mercenary spyware.” Spyware is still very dangerous for those who are targeted and uninformed.

Attacks without a click.

Spyware gives attackers access to your smartphone’s microphone and lets them view everything you write, including messages sent through encrypted apps like Signal and WhatsApp. They are also capable of gathering passwords, tracking your location, and gathering data from apps.

Spyware was previously distributed through phishing, which required the victim to download an image or click on a link. Today, it can be delivered through “zero-click attacks” that install spyware on your device automatically through an iMessage or WhatsApp image.

The use of an iMessage-based zero-click exploit to target a Saudi activist was described in detail by Google Project Zero researchers in 2021. “There is no defense against a zero-click exploit; it’s a weapon against which there is no defense, short of not using a device,” the researchers cautioned.

Security company Kaspersky demonstrated the spyware infection chain using zero-click exploits via iMessage last year as part of its Operation Triangulation research.

The victim only needs to receive an iMessage with an attachment that contains a zero-click exploit. “Privilege escalation and full control over the compromised device are enabled through code execution that is triggered by the message if no further action is taken,” explains Boris Larin, principal security researcher at Kaspersky’s Global Research and Analysis Team.

He claims the message is erased automatically once the attacker makes their presence known on the device.

The ascent of Pegasus.

Pegasus is the most well-known spyware. It was created by the Israeli company NSO Group to target flaws in iOS and Android applications.

Vendors like NSO Group, who assert that they only sell exploits to governments in order to track down criminals and terrorists, are the only reason spyware exists. “Any customers—including governments in North America and Europe—agree not to disclose those vulnerabilities,” claims Trend Micro cybersecurity advisor Richard Werner.

Spyware has persisted in targeting journalists, dissidents, and protestors in spite of the claims made by NSO Group. Pegasus is said to have targeted Hanan Elatr, the wife of Saudi dissident and journalist Jamal Khashoggi, prior to his passing. Reporter Ben Hubbard of the New York Times found out in 2021 that Pegasus had targeted his phone twice.

Claude Magnin, the spouse of political activist Naama Asfari, who was imprisoned and purportedly subjected to torture in Morocco, had Pegasus silently installed on her iPhone. Pegasus has also been used against UK government officials, Russian journalist Galina Timchenko, and pro-democracy demonstrators in Thailand.

Apple brought legal action against NSO Group and its parent company in 2021, claiming that they were responsible for “the surveillance and targeting of Apple users.”

Although NSO Group is still fighting to have the lawsuit dismissed, experts predict that as long as spyware vendors are able to operate, the issue will persist.

Lead privacy advocate David Ruiz of security company Malwarebytes places the blame on “the compulsive and repressive operators behind spyware, who compound its danger to society.”

The depletion of spyware.

There isn’t much you can do, according to experts, to defend yourself or get your devices’ security back if a zero-click exploit is used to install spyware. Aaron Engel, chief information security officer at ExpressVPN, advises users who are targeted to completely give up on the hardware and any linked accounts. Obtain a new phone number, computer, and account, and link them all to the device with new information.

Although spyware detection can be difficult, certain types of infections may be indicated by unusual behavior like fast battery draining, unplanned shutdowns, or excessive data usage, according to Javvad Malik, lead security awareness advocate at security training company KnowBe4. Although some applications make the claim to be able to identify spyware, he says that the accuracy of the detection varies and that expert help is frequently required.

Battery drain, in the opinion of Chris Hauk, consumer privacy advocate at Pixel Privacy, is a reliable sign that spyware is present on your device. “The majority of spyware has not been designed to function effectively,” he claims.

According to Apple’s Bauer, such evident signs as battery drain, unexpected shutdowns, or problems with data usage have not been proven to be indicators of sophisticated mercenary spyware that targets iOS users. Since highly targeted mercenary spyware is skilled at evading detection on users’ devices, he claims that these symptoms are more indicative of commodity Android spyware.

Users should also look out for apps they did not install, forced redirects caused by browser hijacking, and modified default browser or search engine settings.

The Kaspersky team unveiled a technique earlier this year to identify telltale signs of infection from iOS spyware like Pegasus, Reign, and Predator. It works because Pegasus infections leave behind evidence in an unexpected system log, Shutdown.log. The security firm says that the log is kept in the sysdiagnose archive of iOS devices.
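An added illustration of the kind of check described above, scanning the text of a shutdown log for processes that held up a reboot; it is not Kaspersky's tool and not code from the original article. The layout of the log lines, the two directory prefixes treated as suspect, and the sample log are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# Assumption: directories where a process that holds up a reboot is treated as suspect.
SUSPECT_PREFIXES = ("/private/var/db/", "/private/var/tmp/")
# Assumption: a lingering process is logged as "remaining client pid: <pid> (<path>)"
# and each reboot's entries end with a line "SIGTERM: [<unix time>]".
CLIENT_RE = re.compile(r"remaining client pid: (\d+) \((.+)\)")
SIGTERM_RE = re.compile(r"SIGTERM: \[(\d+)\]")

# Constructed sample, not taken from a real device.
SAMPLE_LOG = """\
After 1.05s, these clients are still here:
\t\tremaining client pid: 121 (/usr/libexec/locationd)
After 2.10s, these clients are still here:
\t\tremaining client pid: 433 (/private/var/db/example-dir/examplebin)
SIGTERM: [1700000000]
After 1.02s, these clients are still here:
\t\tremaining client pid: 98 (/usr/sbin/mediaserverd)
SIGTERM: [1700086400]
After 1.30s, these clients are still here:
\t\tremaining client pid: 77 (/private/var/tmp/example2)
"""

def scan_shutdown_log(text):
    """Return one finding per suspect process that delayed a reboot."""
    findings, pending = [], {}
    for line in text.splitlines():
        client = CLIENT_RE.search(line)
        if client:
            path = client.group(2)
            if path.startswith(SUSPECT_PREFIXES):
                pending[path] = int(client.group(1))  # dedupe repeats within one reboot
            continue
        sigterm = SIGTERM_RE.search(line)
        if sigterm:
            when = datetime.fromtimestamp(int(sigterm.group(1)), tz=timezone.utc)
            findings += [{"reboot_utc": when.isoformat(), "pid": pid, "path": p}
                         for p, pid in pending.items()]
            pending = {}
    # Entries with no closing SIGTERM line: the log was cut off mid-reboot.
    findings += [{"reboot_utc": None, "pid": pid, "path": p} for p, pid in pending.items()]
    return findings

if __name__ == "__main__":
    for finding in scan_shutdown_log(SAMPLE_LOG):
        print(finding)
```

On a real device the input would be the shutdown log extracted from a sysdiagnose archive; a hit is a lead for expert review, not proof of infection.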

Restarting your device at least once a day is another precaution you can take to keep it safe. According to Larin, “this forces attackers to repeatedly reinfect, increasing the chances of detection over time.”

In order to lessen the possibility of becoming a target of zero-click attacks, you can also disable FaceTime and iMessage. Try not to click on links that you receive in emails or other messages, and keep your device updated with the most recent software.

Crypto threat intelligence analyst at Cyjax Adam Price advises using multifactor authentication, updating to the most recent software version, and installing apps only from reputable and verified sources in order to guard against known vulnerabilities.

Helplines like Amnesty International’s Security Lab and Access Now’s Digital Security Helpline can assist you in eliminating spyware if you do end up a victim. In the meantime, you can prevent your iPhone from ever becoming infected by using Apple’s Lockdown Mode, which is surprisingly useful despite disabling some features.

Updated 4:15 PM ET on May 20, 2024: Apple disputes recent Blackberry research by telling WIRED that LightSpy did not cause its “latest threat notifications.” Another statement from the company described as “unsubstantiated” the notion that sudden spikes in data usage, shutdowns, and battery drain are signs of a spyware infection. Further information regarding the infrequency of extremely complex spyware infections on iOS has also been added by WIRED.
