According to Forbes, U.S. Vice President and then-presidential candidate Kamala Harris' cyber security was compromised before the election after a tool designed to detect spyware on iPhones reported anomalies on two devices belonging to campaign staffers. The security team has asked Apple for help. According to Forbes, Apple has refused to allow forensic analysis of the phone.
The company's response comes as no surprise to digital defenders who work with at-risk populations who are often targeted by spyware.
In recent years, Apple has sent notifications to targets and victims of government spyware, warning them they may have been hacked and instructing them to seek help. Importantly, Apple directed targets to contact Access Now, a nonprofit organization that runs a digital helpline for people in civil society who suspect they have been targeted by government spyware, rather than its own security engineers.
“Apple has detected that you are the target of a mercenary spyware attack attempting to remotely compromise the iPhone associated with your Apple account,” reads a recent alert shared by Access Now with TechCrunch. “This attack may be specifically targeting you because of who you are or what you do. Although it is never possible to detect such attacks with certainty, Apple has high confidence in this warning, so please take it seriously.”
While it may seem like Apple is abdicating its responsibility to protect users, cybersecurity experts who work with human rights defenders, journalists, and dissidents generally agree that Apple's approach to warning victims of spyware attacks is correct.
“These notices are a game-changer for responsible spyware research,” said John Scott-Railton, a senior research fellow at Citizen Lab, a non-profit organization that researches spyware and is affiliated with the University of Toronto's Munk School of Global Affairs and Public Policy.
“If you look back over the past few years, you'll see that many of the most important incidents we know of, from Poland to Thailand and many others, started with Apple's notifications,” said Scott-Railton.
For those investigating spyware, Apple's sharing of spyware notifications with victims was a turning point. Natalia Krapiva, Access Now's legal advisor, said that before the notification was received, “we were in the dark because we didn't know who to contact.”
“I think this is one of the biggest things that's happened in this type of forensic investigation and advanced spyware hunting,” Krapiva told TechCrunch.
Currently, when someone or a group of people receives a notification from Apple, they are alerted that something potentially unusual is happening with their device, that someone is targeting them, and that they should seek help. Scott-Railton says Apple is telling people exactly where to get it. He said the Access Now helpline was the right place because “the helpline can provide appropriate and systematic triage work and support.”
Krapiva said the helpline has more than 30 staff and is supported by staff working in other parts of the nonprofit. So far in 2024, Access Now has received 4,337 tickets through its helpline, Krapiva said.
Scott-Railton, Krapiva, and Runa Sandvik, a security expert who runs Granitt, a digital security consultancy for people at risk, and who has protected journalists for a decade, all agree that Apple's investigation of individual attacks should cease after notification.
“Big tech companies don't want to be in the business of doing forensics on people's devices and accounts,” Sandvik told TechCrunch. “I think we should keep that separate.”
Apple can still do more to combat spyware, said Eva Galperin, director of cybersecurity at the nonprofit Electronic Frontier Foundation, which has been researching surveillance on the Internet for more than a decade.
“[Apple] will be able to produce more detailed reports and file more lawsuits. These require a lot of money that NGOs don't have, telemetry NGOs don't have,” Galperin told TechCrunch.
Apple says on its official page about mercenary spyware, last updated in October, that it has sent notifications to users in more than 150 countries since 2012.
“The vast majority of users would never become victims of such an attack. We deeply sympathize with the small number of users who are victimized and are committed to protecting them,” Apple spokesperson Nadine Haija told TechCrunch, reiterating that there are no known cases of mercenary spyware on Apple devices with Lockdown Mode. “Our security team is constantly working to track down mercenary spyware attackers and sends threat notifications to notify and assist users who we believe have been targeted individually.”
Apple instructs anyone alerted by the notification to update their iOS software and all apps. Apple also recommends that users turn on Lockdown Mode, an opt-in iOS security feature that has traditionally thwarted spyware attacks by restricting device functionality that is often exploited to plant spyware. Apple said last year that it was not aware of any cases of successful spyware infections against people who used Lockdown Mode.
Scott-Railton described Lockdown Mode as “a game-changer in increasing the security of people's devices, especially those at risk.”
All the experts TechCrunch spoke to strongly recommend turning on Lockdown Mode if you think you might be a target, especially if you are a journalist, human rights activist or dissident.
If you receive a notification from Apple, please take it seriously.