Why is it in the news?
- Several top opposition leaders and a few journalists have recently reported receiving a notification from Apple about “state-sponsored attackers who are remotely trying to compromise” their iPhones.
- The notification says the attackers are likely targeting these individuals because of who they are or what they do, and advises them on how to protect themselves, including activating the ‘Lockdown Mode’ feature on their iPhones.
- Apple has been sending out these notifications since late 2021, whenever it suspects that activity resembles a state-sponsored attack. It has so far notified individuals in 150 countries.
More about the news
|About Lockdown Mode|
· Upon activation, many regular functions are restricted or disabled.
· Restricts sending/receiving of certain types of messages to safeguard personal information.
· Available only on newer software versions (iOS 16, iPadOS 16, watchOS 10, macOS Ventura).
· Activation: Settings > Privacy & Security > Lockdown Mode.
Identity of “State-Sponsored Attackers”
- These attackers are sophisticated and well-funded, and their tactics evolve. They may target individuals based on their identity or activities.
- They are different from regular cybercriminals, who typically target large numbers of people for money.
- Further, such attacks often exploit undisclosed vulnerabilities and aim to remain undetected.
Nature of Apple’s Threat Notification
- Apple does not specify any particular nation or group.
- Apple alerts users potentially targeted by state-sponsored attackers.
- It has developed a detection system that identifies suspicious activities.
- When a threat is detected, notifications are sent via email and iMessage tied to the user’s Apple ID.
- Moreover, reasons for issuing such notifications are not openly disclosed to prevent aiding attackers.
Apple’s recommendations to avoid such attacks
- Update to the latest software.
- Implement a passcode and two-factor authentication.
- Use robust passwords for Apple ID.
- Only download apps from the App Store.
- Avoid unknown links/attachments.
- Utilize unique passwords for online accounts.
- Engage Lockdown Mode for heightened protection.
|About Pegasus Spyware|
· Pegasus is malware categorized as spyware.
· It infiltrates devices, collects sensitive data, and sends it back to the deploying entities.
· Developed by the Israeli firm NSO Group in 2010.
· Detected in 2016, the initial version spread via spear-phishing.
· Later versions used “zero-click” attacks that don’t require user interaction. These attacks exploit “zero-day” vulnerabilities in operating systems.
· Its targets worldwide include human rights activists, journalists, and lawyers.
Pegasus Spyware Case (July 2021)
· A global collaborative investigative project revealed potential misuse of NSO Group’s Pegasus spyware to target individuals’ phones in several countries, including India.
· In India, the targets include ministers, government officials, and opposition leaders.
· The central government denied the allegations and condemned the opposition, but never directly denied the use of Pegasus.
· On October 27, 2021, a three-judge Bench of the Supreme Court appointed an Expert Committee led by Justice R V Raveendran to investigate the Pegasus allegations.
· However, on August 25, 2022, no conclusive evidence of Pegasus was found in the examined phones.