Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know - Best News

In April, Apple sent notifications to iPhone users in 92 countries, warning them they’d been targeted with spyware. “Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID,” the notification reads.

Users quickly took to social media sites including X, trying to work out what the notification meant. Many of those targeted were based in India, but others in Europe also reported receiving Apple’s warning.

Weeks later, little is still known about the latest iPhone attacks. Former smartphone giant Blackberry, now a security firm, has released research indicating they are linked to a Chinese spyware campaign dubbed “LightSpy,” but Apple spokesperson Shane Bauer says this is inaccurate.

While Apple says the latest spyware notifications aren't linked to LightSpy, the spyware remains a growing threat, particularly to people who may be targeted in Southern Asia, according to Blackberry's researchers. Described as a “sophisticated iOS implant,” LightSpy first emerged targeting Hong Kong protesters in 2020. However, the latest iteration is much more capable than the first.

“It is a fully-featured modular surveillance toolset that primarily focuses on exfiltrating victims’ private information, including hyper-specific location data and sound recording during voice over IP calls,” the researchers wrote.

April's warnings were not the first time Apple has issued notifications of this kind. The iPhone maker has sent out alerts to people in over 150 countries since 2021 as spyware continues to target high-profile figures across the globe.

Spyware can be weaponized by nation-state adversaries—but this is relatively rare and expensive. Its deployment is typically highly targeted against a very specific group of people, including journalists, political dissidents, government workers, and businesses in certain sectors.

“Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices,” Apple wrote in an advisory in April. “Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks.”

Plus, Apple says its Lockdown Mode feature can successfully protect against attacks. “As we have said before, we are not aware of anyone using Lockdown Mode being successfully attacked with mercenary spyware,” Bauer says. Still, for those who are targeted and caught unaware, spyware is extremely dangerous.

Zero-Click Attacks

Spyware gives attackers access to the smartphone’s mic and allows them to view everything you write, including messages on encrypted apps such as WhatsApp and Signal. They can also track your location, collect passwords, and harvest information from apps.

In the past, spyware was delivered via phishing, requiring the victim to click on a link or download an image. Today, it can be delivered in so-called “zero-click attacks” via an iMessage or WhatsApp image that will automatically plant spyware on your device.

In 2021, researchers at Google’s Project Zero detailed how an iMessage-based zero-click exploit was used to target a Saudi activist. “Short of not using a device, there is no way to prevent exploitation by a zero-click exploit; it's a weapon against which there is no defense,” the researchers warned.

The spyware infection chain using zero-click exploits via iMessage was demonstrated by security outfit Kaspersky as part of its Operation Triangulation research last year.

All that needs to happen is for the victim to receive an iMessage with an attachment containing a zero-click exploit. “Without any further interaction, the message triggers a vulnerability, leading to code execution for privilege escalation and providing full control over the infected device,” says Boris Larin, principal security researcher at Kaspersky's Global Research & Analysis Team.

Once the attacker establishes their presence on the device, he says, the message is automatically deleted.

Rise of Pegasus

The most prominent and well-known spyware is Pegasus, made by Israeli firm NSO Group to target vulnerabilities in iOS and Android software.

Spyware only exists because of vendors such as NSO Group, which claims it sells exploits to governments only to hunt criminals and terrorists. “Any customers, including governments in Europe and North America, agree not to disclose those vulnerabilities,” says Richard Werner, cybersecurity advisor at Trend Micro.

Despite NSO Group’s claims, spyware has continued to target journalists, dissidents, and protesters. Saudi journalist and dissident Jamal Khashoggi’s wife, Hanan Elatr, was allegedly targeted with Pegasus before his death. In 2021, New York Times reporter Ben Hubbard learned his phone had been targeted twice with Pegasus.

Pegasus was silently implanted onto the iPhone of Claude Magnin, the wife of the political activist Naama Asfari, who was jailed and allegedly tortured in Morocco. Pegasus has also been used to target pro-democracy protesters in Thailand, Russian journalist Galina Timchenko, and UK government officials.

In 2021, Apple filed a lawsuit against NSO Group and its parent company to hold it accountable for “the surveillance and targeting of Apple users.”

The case is still ongoing, with NSO Group attempting to dismiss the lawsuit, but experts say the problem is not going to go away as long as spyware vendors are able to operate.

David Ruiz, senior privacy advocate at security firm Malwarebytes, blames “the obsessive and oppressive operators behind spyware, who compound its danger to society.”

The Spyware Drain

If you are faced with a zero-click exploit delivering spyware, experts say there is very little you can do to protect yourself or restore security to your devices. “The best thing to do if you are targeted is to entirely abandon both the hardware and any associated accounts,” says Aaron Engel, chief information security officer at ExpressVPN. “Get a new computer, get a new phone number, and create completely new accounts linked to the device.”

Detecting spyware can be challenging, but unusual behavior such as your battery draining quickly, unexpected shutdowns, or high data usage could be indicative of some types of infections, says Javvad Malik, lead security awareness advocate at security training organization KnowBe4. While specific apps claim to spot spyware, their effectiveness can vary, and professional assistance is often necessary for reliable detection, he says.

Chris Hauk, consumer privacy advocate at Pixel Privacy, agrees battery drain is a strong indicator of spyware on your device. “Most spyware has not been developed to run efficiently,” he says.

For sophisticated mercenary spyware that targets iOS users, obvious indicators such as battery drain, random shutdowns, or data-usage issues have not been substantiated, says Apple's Bauer. “These symptoms are more relevant to commodity Android spyware than highly targeted mercenary spyware, which is adept at going unnoticed on users’ devices,” he says.

Users should also be on the lookout for apps they haven't installed, forced redirects due to a browser being hijacked, and changed settings in their default browser or search engine.

Earlier this year, Kaspersky’s team introduced a method to detect indicators of infection from iOS spyware such as Pegasus, Reign, and Predator. It is effective because Pegasus infections leave traces in the unexpected system log, Shutdown.log, stored within iOS devices’ sysdiagnose archive, the security outfit says.

Another step you can take to safeguard your device is to ensure you restart it at least once a day. “This makes it necessary for attackers to repeatedly reinfect, increasing the chances of detection over time,” Larin says.

If you might be a target, you can also disable iMessage and FaceTime to reduce the risk of falling victim to zero-click attacks. At the same time, keep your device updated to the latest software and avoid clicking on links received in messages such as emails.

“Update to the latest software version to protect against known vulnerabilities, use multifactor authentication, and only install applications from verified and legitimate sources,” says Adam Price, cyber threat intelligence analyst at Cyjax.

If you do become a victim, helplines are available for aid in removing spyware, such as Access Now’s Digital Security Helpline and Amnesty International’s Security Lab. Meanwhile, Apple's Lockdown Mode—which disables certain features but is surprisingly usable—can protect your iPhone from getting infected in the first place.

Updated 4:15 pm ET, May 2024: Apple tells WIRED that its “latest threat notifications” were not triggered by LightSpy, disputing recent research from Blackberry. A company spokesperson also called claims that battery drain, shutdowns, and unexpectedly high data usage are indicative of a spyware infection “unsubstantiated.” WIRED has also added additional details about the rarity of highly sophisticated spyware infections on iOS.
