Spyware attacks have been discovered by the iPhone manufacturer in 150+ countries. Detecting if your device is infected may be challenging, but there are steps you can take for protection.
In 92 countries, Apple sent out notifications to iPhone users, informing them about a spyware attack. The message warned that their Apple ID-associated iPhones were being targeted by a mercenary spyware attack. Users flocked to social media platforms like X to decipher the meaning behind the notification. While a significant number of affected individuals were from India, there were also reports from Europe about receiving Apple’s cautionary message.
The latest iPhone attacks remain a mystery even after several weeks. However, BlackBerry, the once-popular smartphone company, has conducted research that suggests a connection to a Chinese spyware campaign called “LightSpy.”
In 2020, LightSpy, a sophisticated iOS implant, was deployed to target Hong Kong protesters. However, the latest version surpasses its predecessor in terms of capabilities.
The researchers described it as a complete surveillance toolset that is mainly used to steal victims’ private information, such as precise location data and sound recordings from voice over IP calls.
This is not the first time Apple has sent out notifications like this. Since 2021, the iPhone manufacturer has alerted individuals in over 150 countries, as spyware targets prominent figures globally. Apple has not replied to a request for comment.
Nation-state adversaries can use spyware as a weapon. They usually aim it at a specific group of individuals, such as journalists, political dissidents, government workers, and businesses in certain sectors. This spyware poses a significant threat.
Zero-Click Attacks
With the help of spyware, attackers can gain unauthorized access to your smartphone’s microphone, enabling them to monitor your conversations, even on encrypted apps like WhatsApp and Signal. Additionally, they can track your location, collect passwords, and extract data from various applications.
Previously, spyware was distributed through phishing, which required the victim to click on a link or download an image. Nowadays, however, it can be delivered through “zero-click attacks” via an iMessage or WhatsApp image, instantly installing spyware on your device.
Researchers from Google’s Project Zero revealed in 2021 how a zero-click exploit through iMessage was used to target a Saudi activist. They cautioned that there is no defense against such an exploit.
In its Operation Triangulation study, Kaspersky showed how spyware can infect iPhones through iMessage without needing any clicks.
The victim just needs to get an iMessage with an attachment that has a zero-click exploit. This message can trigger a vulnerability without any interaction, allowing the attacker to take full control of the infected device, according to Boris Larin, a security researcher at Kaspersky.
According to the researcher, the message is deleted automatically after the attacker gains access to the device.
Rise of Pegasus
The top spyware, Pegasus, is developed by NSO Group in Israel to exploit iOS and Android software flaws.
Spyware is only possible because of companies like NSO Group. They say they sell their hacking tools to governments to catch criminals and terrorists. Richard Werner, a cybersecurity advisor at Trend Micro, explains that these governments promise not to reveal any weaknesses they find.
NSO Group’s assertions aside, spyware has persistently been aimed at journalists, dissidents, and protesters. Hanan Elatr, the wife of Saudi journalist and dissident Jamal Khashoggi, reportedly fell victim to Pegasus before his death. Ben Hubbard, a reporter for the New York Times, discovered that his phone had been targeted twice with Pegasus in 2021.
Pegasus was discreetly placed on Claude Mangin’s iPhone. Claude is the spouse of political activist Naama Asfari, who was imprisoned and reportedly tortured in Morocco. Pegasus has also been used to target pro-democracy protesters in Thailand, Russian journalist Galina Timchenko, and government officials in the UK.
Apple took legal action in 2021 by filing a lawsuit against NSO Group and its parent company. The purpose was to hold them accountable for surveilling and targeting Apple users.
The lawsuit is still ongoing, as NSO Group tries to dismiss it. However, experts believe that the problem will persist as long as spyware vendors can continue their operations.
Malwarebytes’ senior privacy advocate, David Ruiz, accuses spyware operators of increasing the threat to society.
The Spyware Drain
If you encounter a zero-click exploit with spyware, experts advise that there are limited options to safeguard your devices. Aaron Engel from ExpressVPN suggests abandoning the hardware and accounts, getting new devices and a new phone number, and creating fresh accounts.
Spyware detection can be difficult, but signs like fast battery drain, sudden shutdowns, or excessive data usage may indicate an infection, according to Javvad Malik, a security expert at KnowBe4. Although some apps claim to detect spyware, their reliability can vary, so seeking professional help is often recommended.
According to Chris Hauk, a privacy advocate at Pixel Privacy, a significant drop in battery life is a strong indication that your device may have spyware. He points out that spyware is generally not developed to run efficiently.
It’s important for users to stay vigilant about unfamiliar apps, forced browser redirects, and alterations to their default browser or search engine settings.
This year, Kaspersky developed a technique to identify iOS spyware like Pegasus, Reign, and Predator by examining the system log Shutdown.log in the sysdiagnose archive.
Restarting your device daily adds an extra layer of protection against attackers, according to Larin.
Reduce the risk of zero-click attacks by turning off iMessage and FaceTime if you think you’re a target. Make sure to update your device and refrain from clicking on links in messages or emails.
To safeguard against known vulnerabilities, Adam Price from Cyjax advises updating to the most recent software version, utilizing multifactor authentication, and exclusively installing apps from verified sources.
In case you fall victim to spyware, seek assistance from helplines like Access Now’s Digital Security Helpline and Amnesty International’s Security Lab. Apple’s Lockdown Mode can prevent your iPhone from being infected by turning off specific features.