Why Apple sends spyware victims to this nonprofit security lab
Before the elections, the cybersecurity team of US vice president and then-presidential candidate Kamala Harris reached out to Apple asking for help, according to Forbes, after a tool that's designed to detect spyware on iPhones flagged anomalies on two devices belonging to campaign staffers. Apple declined to forensically analyze the phones, per Forbes.
The company's response is no surprise to the digital defenders working with at-risk populations often targeted by spyware.
In the last few years, Apple has been sending notifications to targets and victims of government spyware, alerting them that they may have been hacked and directing them to get help. Crucially, Apple doesn't tell the targets to get in touch with its own security engineers, but with the nonprofit Access Now, which runs a digital helpline for people in civil society who suspect they have been targets of government spyware.
"Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple Account," reads a recent alert, which Access Now shared with TechCrunch. "This attack is likely targeting you specifically because of who you are or what you do. Although it's never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning; please take it seriously."
While it may look like Apple is abdicating its responsibility to protect its users, cybersecurity experts who work with human rights defenders, journalists, and dissidents generally agree that Apple's approach in alerting victims to spyware attacks is the right one.
"These notifications have been a game changer for spyware accountability research," said John Scott-Railton, a senior researcher at the Citizen Lab, a nonprofit that investigates spyware and is housed at the University of Toronto Munk School of Global Affairs & Public Policy.
"When I look back over the past few years, I see so many of the most important cases that we know about (Poland, Thailand, so many others) began with an Apple notification," said Scott-Railton.
For people who investigate spyware, Apple sharing spyware notifications with victims represented a turning point. Before the notifications, "We were just like in the dark, not knowing who to check," according to Access Now's legal counsel Natalia Krapiva.
"I think it's one of the greatest things that's happened in the sphere of this kind of forensic investigations and hunting of sophisticated spyware," Krapiva told TechCrunch.
Now, when someone or a group of people get a notification from Apple, they are warned that something potentially anomalous is happening with their device, that someone is targeting them, and that they need to get help. And Apple tells them exactly where to get it, according to Scott-Railton, who said Access Now's helpline is the right place to go because the helpline is able to do good, systematic triage work and support.
Krapiva said that the helpline is staffed by more than 30 people, supported by others who work in other departments of the nonprofit. So far in 2024, Krapiva said, Access Now received 4,337 tickets through the helpline.
Scott-Railton, Krapiva, and security expert Runa Sandvik, who runs her own digital security consultancy, Granitt, for at-risk people and has been protecting journalists for a decade, all agree Apple should stop short of investigating individual attacks after notifying the victims.
"Big tech companies don't want to get into the business of doing forensics on people's devices or accounts," Sandvik told TechCrunch. "I think that should remain separate."
Eva Galperin, the director of cybersecurity at the nonprofit Electronic Frontier Foundation, who has been investigating surveillance on the internet for more than a decade, said that Apple could still do more to combat spyware.
"Apple could write more detailed reports and file more lawsuits. These are the things that take massive amounts of money NGOs don't have, and telemetry NGOs don't have," Galperin told TechCrunch.
In its official page about mercenary spyware, last updated in October, Apple says that since 2012 it has sent notifications to users in more than 150 countries.
Apple spokesperson Nadine Haija told TechCrunch that "the vast majority of users will never be the victims of such attacks, we sympathize deeply with the small number of users who are, and we continue to work tirelessly to protect them," and reiterated that there are no known cases of mercenary spyware on Apple devices with Lockdown Mode. "Our security teams are constantly working to track mercenary spyware attackers and we send threat notifications to inform and assist users who we believe were individually targeted."
For anyone alerted by a notification, Apple tells those targets and victims of spyware to update their iOS software and all their apps. Apple also suggests the user switches on Lockdown Mode, an opt-in iOS security feature that has stopped spyware attacks in the past by limiting device features that are often exploited to plant spyware. Apple said last year that it is not aware of any successful spyware infection against someone who used Lockdown Mode.
Scott-Railton called Lockdown Mode a game changer in increasing the security of people's devices, especially people who are at risk.
All the experts TechCrunch spoke with strongly recommend turning on Lockdown Mode if you think you may be a target, especially if you are a journalist, human rights defender, or dissident.
And if you get a notification from Apple, take it very seriously.
Lorenzo Franceschi-Bicchierai