Apple’s iPhone Spyware Problem Worsens
TLDR: Apple has detected sophisticated spyware attacks targeting iPhone users in over 150 countries. Zero-click attacks and notorious tools like Pegasus pose significant risks. Users can take steps to protect themselves, but the fight against spyware requires collaboration from governments, tech companies, and civil society.
Apple has detected spyware attacks against people in over 150 countries, with the problem escalating in recent years.
In April, iPhone users in 92 countries received notifications warning them that they were being targeted by mercenary spyware.
The attacks have been linked to a Chinese campaign called “LightSpy,” although Apple disputes this claim.
What is Spyware?
Spyware grants attackers access to a smartphone’s microphone, messages, location, passwords, and app data.
It is typically used by nation-states to target specific individuals, such as journalists, political dissidents, government workers, and businesses in certain sectors.
While rare and expensive, spyware attacks are extremely dangerous for those targeted.
The Rise of Zero-Click Attacks
Spyware was previously delivered via phishing, requiring victims to click on a link or download an image.
However, modern spyware can be delivered through “zero-click attacks” using iMessage or WhatsApp images that automatically infect devices.
Google’s Project Zero researchers have warned that there is no defense against zero-click exploits.
Pegasus: The Most Notorious Spyware
Pegasus, developed by the Israeli firm NSO Group, is the best-known spyware and exploits vulnerabilities in iOS and Android.
Despite NSO Group’s claims of selling exploits only to governments to hunt criminals and terrorists, Pegasus has been used to target journalists, dissidents, and protesters worldwide.
Notable targets include Jamal Khashoggi’s wife, New York Times reporter Ben Hubbard, and pro-democracy activists in various countries.
Apple has filed a lawsuit against NSO Group to hold it accountable for targeting Apple users.
Protecting Yourself from Spyware
- Enable Apple’s Lockdown Mode to prevent infection.
- Seek help from Access Now’s Digital Security Helpline or Amnesty International’s Security Lab if you suspect your device is infected.
- Look out for unusual behavior like rapid battery drain, unexpected shutdowns, or high data usage (for unsophisticated spyware only).
- Restart your device daily to force attackers to reinfect it repeatedly, increasing the chances of detection (for unsophisticated spyware only).
- Disable iMessage and FaceTime to reduce the risk of zero-click attacks.
- Keep your device updated with the latest software and avoid clicking on suspicious links.
Detecting Spyware: A Challenging Task
Detecting spyware, especially sophisticated variants like Pegasus, is extremely difficult without professional assistance.
While battery drain, shutdowns, and high data usage may indicate an unsophisticated spyware infection, these symptoms have not been substantiated as signs of highly targeted mercenary spyware.
Kaspersky’s team has introduced a method to detect indicators of infection from sophisticated iOS spyware by analyzing traces left in unexpected system logs.
However, working with professionals like those at Access Now and Amnesty International remains the most reliable way to uncover a sophisticated spyware infection.
The Problem Persists
As long as spyware vendors continue to operate, the problem is unlikely to disappear.
Experts blame the “obsessive and oppressive operators behind spyware” for compounding its danger to society.
While Apple’s Lockdown Mode can protect against attacks, those targeted and caught unaware face extreme risks.