In a recent development, several prominent political leaders in India have claimed to receive alerts of state-sponsored attackers on their Apple iPhones. These notifications, often called Apple threat notifications, are designed to inform and assist users whom state-sponsored attackers may have targeted.
Not just political leaders and journalists in India, but people in over 150 countries have received similar notifications.
However, Apple has yet to officially confirm the authenticity of these alerts shared by political leaders in India. Mind you, though, the company does have a pre-existing support page explaining this feature.
State-sponsored attackers, according to Apple, are not your typical cybercriminals. They possess significant resources and focus their efforts on a minimal number of specific individuals and their devices, making their attacks challenging to detect and prevent. These attacks are highly sophisticated, costly to develop, and often have a limited lifespan.
If Apple identifies activity consistent with a state-sponsored attack, affected users are notified in two ways. First, a Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com. Then, Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.
These notifications provide additional steps for users to safeguard their devices, including enabling Lockdown Mode, which can be found in Settings > Privacy and Security > Lockdown Mode.
However, it’s crucial to understand that detecting such attacks relies on threat intelligence signals, which are sometimes imperfect and incomplete. Consequently, some Apple threat notifications may be false alarms, or specific attacks may go undetected. Even Apple admits this.
Apple advises users to never click on links, open files, install apps or profiles, or provide their Apple ID password or verification code via email or phone when they receive a threat notification. Instead, users should sign in to appleid.apple.com to check if a threat notification is accurate. If Apple has sent a threat notification, it will be prominently displayed at the top of the page after signing in.
In light of these reports and to protect themselves from cybercriminals and consumer malware, all Apple users are encouraged to follow best practices for security, including:
- Keeping their devices updated with the latest software.
- Securing their devices with a passcode.
- Using two-factor authentication and strong passwords for their Apple ID.
- Installing apps from the official App Store.
- Utilising solid and unique passwords for online accounts.
- Avoid clicking on links or attachments from unknown senders.
Business Today has reached out to Apple for confirmation regarding the recent reports on the ‘State-sponsored Attackers’ alert, and the story will be updated accordingly when the company responds.
