Here's how Apple will warn you if you're under state-sponsored spyware attack

iPhone X passcode screen
iPhone X passcode screen (Image credit: iMore)

What you need to know

  • Apple has issued a support document detailing how users will be informed of a potential state-sponsored attack.
  • Apple is suing NSO Group, the outfit behind Pegasus which is itself a tool used by bad actors.

Yesterday saw Apple announce that it is suing NSO Group, in part over its creation of Pegasus, a spyware tool that has been used to target politicians, journalists, and more. The company has also published a support document (opens in new tab) that highlights how it will warn people if they're thought to be under attack.

The new document, first spotted by MacRumors, outlines the security issues caused by state-sponsored spyware across Apple devices — including the new iPhone 13.

Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers. These users are individually targeted because of who they are or what they do. Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent. State-sponsored attacks are highly complex, cost millions of dollars to develop, and often have a short shelf life. The vast majority of users will never be targeted by such attacks.

Apple goes on to say that it will notify people that they are a target by sending them emails and iMessages, while a message will also appear when they log into their Apple ID on the Apple website. No links will be sent and no credentials will be requested.

Apple also offers some ideas for how people can try to ensure they don't fall victim to such attacks.

  • Update devices to the latest software, as that includes the latest security fixes
  • Protect devices with a passcode
  • Use two-factor authentication and a strong password for Apple ID
  • Install apps from the App Store
  • Use strong and unique passwords online
  • Don't click on links or attachments from unknown senders

Security is one of the best iPhone features that Apple isn't shy about marketing, but even iPhones aren't guaranteed to be safe from attacks like this.

Those interested in learning more, and finding out what to do if they think they're a target, can read the full support document (opens in new tab) now.

Oliver Haslam
Contributor

Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too.

Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.

1 Comment
  • My iPhone was hacked in February 2021 and I've lost bank accounts, other online accounts, and found personal information used as passwords as they were added to my Chrome password manager and iPhone keychain. I refuse to use Safari and find it intrusive and would love to delete it completely. I take issue with Apple saying how seriously they take security on their phones and with their iOS.
    When my phone was hacked, I talked with someone at Apple who identified himself as a “Senior Manager.” He said iPhones could not be hacked and it was impossible for anyone to do so.
    Actually, Apple is the easiest to hack with Windows and Android second and Linux one of the most difficult. Apple seldom listens to their customers comments or complaints. I cannot even open an app or key in numbers when using an automated system because my screen turns black and stays black after a phone call connects. This problem started after some iOS 14 upgrades prior to iOS 15. Even though there are some useful and nice features, I will not get another iPhone again for those reasons. I will go back to an Android with a Linus operating system with a bare-bones Android OS to facilitate automatic updates. One lost customer won't matter to them, but I never had problems with my Android phone or identity until I got my first iPhone a year ago. No company has perfect customer service but I've also never dealt with a brainwashed manager who made arrogant and false claims about their security and their phones either.