Apple's iPhone Spyware Problem Is Getting Worse (wired.com)
An anonymous reader quotes a report from Wired: In April, Apple sent notifications to iPhone users in 92 countries, warning them they'd been targeted with spyware. "Apple detected that you are being targeted by a mercenary spyware attack that is trying to remotely compromise the iPhone associated with your Apple ID," the notification reads. Users quickly took to social media sites including X, trying to work out what the notification meant. Many of those targeted were based in India, but others in Europe also reported receiving Apple's warning. Weeks later, little is still known about the latest iPhone attacks. Former smartphone giant Blackberry, now a security firm, has released research indicating they are linked to a Chinese spyware campaign dubbed "LightSpy," but Apple spokesperson Shane Bauer says this is inaccurate.
While Apple says the latest spyware notifications aren't linked to LightSpy, the spyware remains a growing threat, particularly to people who may be targeted in Southern Asia, according to Blackberry's researchers. Described as a "sophisticated iOS implant," LightSpy first emerged targeting Hong Kong protesters in 2020. However, the latest iteration is much more capable than the first. "It is a fully-featured modular surveillance toolset that primarily focuses on exfiltrating victims' private information, including hyper-specific location data and sound recording during voice over IP calls," the researchers wrote. April's warnings were not the first time Apple has issued notifications of this kind. The iPhone maker has sent out alerts to people in over 150 countries since 2021 as spyware continues to target high-profile figures across the globe.
Spyware can be weaponized by nation-state adversaries -- but this is relatively rare and expensive. Its deployment is typically highly targeted against a very specific group of people, including journalists, political dissidents, government workers, and businesses in certain sectors. "Such attacks are vastly more complex than regular cybercriminal activity and consumer malware, as mercenary spyware attackers apply exceptional resources to target a very small number of specific individuals and their devices," Apple wrote in an advisory in April. "Mercenary spyware attacks cost millions of dollars and often have a short shelf life, making them much harder to detect and prevent. The vast majority of users will never be targeted by such attacks." Plus, Apple says its Lockdown Mode feature can successfully protect against attacks. "As we have said before, we are not aware of anyone using Lockdown Mode being successfully attacked with mercenary spyware," Bauer says. Still, for those who are targeted and caught unaware, spyware is extremely dangerous. There are a number of ways to protect yourself against spyware and zero-click exploits in particular:
1. Regularly Update Devices: Keep your devices updated to the latest software to protect against known vulnerabilities.
2. Restart Devices Daily: Regularly restarting your device can help disrupt persistent spyware infections by forcing attackers to reinfect the device, potentially increasing their chances of detection.
3. Disable Vulnerable Features: Consider disabling features prone to exploits, such as iMessage and FaceTime, especially if you suspect you're a target for spyware.
4. Use Multifactor Authentication and Secure Sources: Employ multifactor authentication and only install apps from verified sources to prevent unauthorized access and downloads.
5. Monitor for Indicators: Be vigilant for signs of infection such as battery drain, unexpected shutdowns, and high data usage, though these may not always be present with more sophisticated spyware.
6. Seek Professional Help: If you suspect a spyware infection, consider professional assistance or helplines like Access Now's Digital Security Helpline for guidance on removal.
7. Utilize Advanced Security Features: Activate security features like Apple's Lockdown Mode, which limits device functionality to reduce vulnerabilities, thus safeguarding against infections.
Why can't Apple figure this out? (Score:4, Interesting)
Re: (Score:3)
Re:Why can't Apple figure this out? (Score:5, Informative)
Oh, horseshit. This is actually one of the things that Apple does better than Android vendors: iOS17 runs on every iPhone released in the last six years (XR through 15) and things that don't get iOS17 still get security updates.
Re: (Score:2)
You can't tar all "Android Vendors" with one brush.
For example Google's pixel phones offer 7 year support.
Re: (Score:2)
You can't tar all "Android Vendors" with one brush.
For example Google's pixel phones offer 7 year support.
Google's Pixel 8 does get that level of support, so kudos to them. However, it's just the Pixel 8, not something they have always done. Pixel 6 and 7 got five years of security updates, but only three years of Android version updates. Pixel 4 and 5 got three years of both. [google.com] Google is also famous for having the attention span of a Golden Retriever with ADHD and changing things like this on a whim, so who knows what Pixel 9 will get?
Re: (Score:1)
iOS and Android are spywares from the start. Both of them. They report all kinds of data (location, browsing habits, app usage, etc...) to the mother ship.
Then you have to trust that they won't leak / provide it.
The only way to NOT have a permanent spyware with you is to not have that iWhatever or Android with you.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Re:Why can't Apple figure this out? (Score:5, Insightful)
There aren't many. These attacks generally only affect a few hundred people. And Apple is warning people because they see strange access patterns coming from their phones to their servers.
Apple doesn't have the malware or the devices in hand to analyze them (and fix the holes) - they only noticed that some odd access patterns were happening and notified users.
To track them down Apple would need a copy of the malware and likely the events triggering it (e.g., text message). They likely have none of that. I mean they probably could, but that would mean having people surrender their phone to Apple for analysis, which also means giving Apple all the data contained within. Chances are good that the people involved would be wary of what happens to their data.
So no, Apple can't go after them because Apple basically doesn't have the malware to analyze. And the people who can give it to them are likely people who can't give it to them.
Re: (Score:1)
I find it hard to believe that Apple has not been able to find one owner of an exploited phone who is willing to turn in the device for analysis, especially considering it would all but ensure a fix.
Re: (Score:2)
"all the known compromised machines to analyze"
How many were compromised? Were there any that were actually compromised?
Are there any "unplugged leaks" relevant to the topic?
If a vulnerability were identified and fixed, would you not then be able to identify continuing attempts to exploit it by those who don't know that it has been fixed?
Re: (Score:2)
Because they were asked by NSA not to do it ? (Score:2)
Re: (Score:2)
Cost. Obviously, Apple could do much better. But in the end, they are just after profits, like all commercial software makers.
Re: (Score:1, Insightful)
I would say Android is much easier in general to compromise depending on what hardware you have. This wide variance in hardware quality is why there are so many easily attacked devices. That plus Google abandons support for older devices relatively quick and they don't directly support most devices.
iPhone malware however tends to be much more critical in the sense that almost any exploit will be able to get right to the bare hardware.
Forget the normal stuff, GrapheneOS is your best bet.
In any case, don't do
Re:EU must investigate!! (Score:5, Funny)
In any case, don't do anything important on your phone.
pfffft real security means you don't do anything important on the internet. i actually mailed this comment to a correspondence service and they typed it up for me.
Re: (Score:2)
>This wide variance in hardware quality is why there are so many easily attacked devices.
The opposite side of that is that you don't have one solution that fits a very large percentage of phones.
Re: (Score:2)
And why would you expect Google to release software patches for other manufacturers' devices? For example, why would Google be releasing software for a Samsung Galaxy phone, when they didn't make the original release, and they didn't make the hardware, and they got no money from the sale of that hardware? That's a Samsung responsibility, so maybe don't try blaming Google.
And if you didn't notice, Google has equal or better promises of extended support than Apple does. The Pixel 8 will still be getting se
Re: (Score:1)
Throw It Away. (Score:5, Insightful)
Problem solved.
Next issue?
Re: (Score:2, Insightful)
A smartphone is somewhat vital for a lot of people these days. Needed to work, to keep in contact with friends and family etc. So it's not enough to say just throw it away, you need to offer a viable alternative.
In case it wasn't clear, becoming a hermit isn't viable.
Re: (Score:2)
Re: (Score:3, Insightful)
Um, you are kidding, right? No one said shit about not having a smart phone. Throw the APPLE phone away and go with an android.
Re: (Score:1)
Fair enough, if we are acknowledging that Android is a more secure platform with less of an issue with spyware. Was that the point?
Re: (Score:3)
The point is that Android gives the user and developer more control over an issue that is ongoing. And also I am a long time Apple hater for being a proprietary shitbag company for many decades.
Re: (Score:3)
What good is more control against such a sophisticated attack - unless the user happens to be an IT security professional?
Re: (Score:2)
Re: (Score:2)
Yes, the real solution is to stop playing mobile games on the same device you use to access your bank account. Too bad the smartphone vendors build their platforms that way on purpose, because that's where the money is.
Re: (Score:2)
Is it really beyond the wit of man to design an OS that allows you to run multiple applications safely?
This story is an advertisement (Score:4, Informative)
This story is very obviously an advertisement for whatever "Access Now" and their services are.
It's hard to tell these days what is or isn't a legitimate service. My guess is that this non-profit is actively engaged in trying to gather stories about people being affected by what they believe is electronic censorship, tracking, or whatever, and then republish those stories as a form of advertisement.
I wonder how much it costs to run a story like this on all the tech media outlets? Are we just reading ads, paid for by other ads at this point?
Re: (Score:3)
Ford? (Score:2)
Restart Devices Daily
Fix Or Reboot Daily.
Re: (Score:2)
8. (Score:1, Offtopic)
This is unacceptable (Score:3)
8. Don't use an iPhone (Score:3, Informative)
A company that still thinks it's all about design doesn't spend much time on security.
Re: (Score:2)
The comical part is that they spend all this time bloviating about security and privacy, and yet their devices are still getting owned in a bespoke, targeted fashion.
Finally someone figured out that releasing a self-replicating worm that tries to infect everything it possibly can only shines a huge spotlight on your exploit to get it patched as soon as possible. Instead, if you have a workable exploit and you only use it on targeted devices, it's far harder to investigate unless you can lay hands on the de
Re: (Score:2)
https://www.bleepingcomputer.c... [bleepingcomputer.com]
https://therecord.media/google... [therecord.media]
https://www.medianama.com/2024... [medianama.com]
Consumers suck... (Score:3, Informative)
...and you *cannot* fix stupid at the OS level. At best, you can provide a seatbelt.
Re: (Score:2)
Re: (Score:2)
And yet, there's more malware on Android. Go figure.
...with the idiot user's express permission
Can we stop pretending the malware got there without assistance?
Security updates? (Score:3)
Problem is - Apple does not differentiate between security updates and general/feature updates. In order to get the most up to date product security, I must also subject myself to feature bloat, unnecessary interface changes (to justify UI designer and PM pay), potential incompatibility and loss of application functionality and, finally, predictable reduction in performance (due to progressive code bloat).
So, as many users, I avoid upgrading iOS unless absolutely necessary. If Apple actually cares about security, they should fully separate security updates from the general/feature system upgrades, at least for the duration of every major iOS release (and, preferably, a few years after - certainly for the duration of any device that initially came with any given iOS version). Other OS makers are able to do so with resources far below those of Apple.
I am guessing that Apple specifically conflates the two, because it can use the incentive of security to force users to accept whatever new features it wants to introduce. While I am an Apple product user (and plan to remain one), this is something I don't really like.
Re: (Score:2)
Re: (Score:2)
If they did, as a regular iOS user I am unable to see it. My system only offers me full updates (very explicitly marked and pushed on me). I see no offer of security updates. They may exist somewhere in the Apple specific world, if one were to go actively searching, but for purposes of an average user they might as well not.
PRISM (Score:1, Interesting)
Does this have anything to do with Apple being part of the NSA's PRISM program?