Earlier this morning, several political leaders in India received an alert notification from Apple warning them against a “state-sponsored attack”. So far, Apple has notified individuals in 150 countries about a similar possible threat. The notification claimed that some state-sponsored attackers might be trying to take control of their Apple products and could possibly attempt to remotely access sensitive data, or even the camera and microphone.
Apple threat notifications aim to alert and aid users potentially targeted by state-sponsored attackers. These individuals are singled out based on their identity or activities. Unlike conventional cybercriminals, state-backed attackers dedicate substantial resources to a select few individuals and their devices, making these attacks considerably challenging to identify and stop. State-backed attacks are intricate, expensive to create, and often short-lived.
“State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected,” says Apple.
How safe are iPhones?
While no device is 100 per cent secure, this chain of notification alerts sent out by Apple is proof that Apple devices may be more secure than most other smartphones in the market. Apple treats privacy and security as being of utmost importance, and these alerts demonstrate the seriousness of Apple’s commitment to that claim. In fact, the hacking alert might be the best advertisement for Apple, showcasing the security of its devices. It’s uncommon for manufacturers to alert users about potential remote breaches. While it cannot possibly be confirmed, it is plausible that many Android devices could have been accessed without their owners being aware; those devices just gave in and did not send out any alerts.
But how does Apple’s security work?
As in today’s case, whenever Apple discovers any activity consistent with a state-sponsored attack, it notifies targeted users with a notification alert sent via iMessage and email, and the same notification is displayed at the top of the page on the iCloud account.
Essentially, if you see this notification, that means that someone may be trying to access your Apple device. Having said that, chances are really low that this will happen to anyone, especially if you are not an influential individual. Apple also says that “the vast majority of users will never be targeted by such attacks.”
However, Apple does not reveal why and how this security system works, because it says that doing so would help attackers evade detection. “We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future,” says Apple.
What’s the next step after you receive a threat notification?
In the notification that Apple sends on iMessage and email, and also on its support page about the threat notification, Apple suggests a few things users can do to protect their devices and their data. It suggests that a user create a new Apple ID, change passwords, enable two-factor authentication, and enable Lockdown mode.
What is lockdown mode?
Lockdown mode was a feature rolled out with iOS 16. It is available on iPhones, iPads, Macs and Apple Watch. The feature was designed to put a device in extreme protection mode so that your device would not function like usual and the features would be strictly limited. “To reduce the attack surface that could potentially be exploited by highly targeted mercenary spyware, certain apps, websites and features will be strictly limited for security, and some experiences may not be available at all,” Apple says, explaining the feature.
Essentially, when the lockdown mode is enabled, users won’t be able to access features like iMessage, web browsing, FaceTime, Photos, Apple services, and Wi-Fi. Users will only be able to send SMS, make calls, and make SOS emergency calls.
Beware of fake threat notifications
At a time like this, when the threat alert is the biggest news, many hackers will be conspiring to take advantage of the situation. This is why it is extremely important to be more alert than ever about these notifications.
First, as mentioned above, most individuals will never be targeted by such attacks.
Second, if you are, then be like Shashi Tharoor and verify the alert first. Head to your iCloud account and check if you see the notification on your account as well. It should be at the top of the page as soon as you log in.
Third, Apple would never send you any links or files or suggest uploading an app. “Apple threat notifications will never ask you to click any links, open files, install apps or profiles, or provide your Apple ID password or verification code by email or on the phone,” warns Apple.