On Tuesday, Apple announced via a press release that it had filed a lawsuit against NSO Group. NSO Group is responsible for creating the Pegasus spyware that authoritarian governments have used to infiltrate devices of journalists, activists, and academics in recent years. Apple explained that NSO Group used an exploit for a now-patched vulnerability to break into Apple devices. The same day that it announced the lawsuit, Apple also published a new support article. In the article, Apple reveals how it plans to alert users with threat notifications.
How Apple’s threat notifications work
If the company suspects that someone has hacked into an Apple device, it will notify the user in two ways. First, Apple will display a Threat Notification at the top of the page when a user visits and signs into appleid.apple.com. Additionally, Apple will send an email and iMessage notification to the phone number and email address associated with the user’s Apple ID. Each of these threat notifications will explain additional steps that the user can take to protect their devices.
This is what the threat notification will look like on Apple’s Apple ID website:
Apple explains that there’s no perfect system to detect state-sponsored attacks. Even if you receive a threat notification, it doesn’t necessarily mean a foreign government hacked your phone:
“State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behavior to evade detection in the future.”
Apple’s threat notifications will never ask you to click on links, open files, install apps, or reveal your passwords. To check whether a notification is genuine, sign in at appleid.apple.com. If you can’t find a notification at the top of the page, someone is trying to scam you.
How to avoid being the victim of a hack
Apple shared a list of best practices that everyone should follow to stay safe online:
- Update devices to the latest software, which includes the latest security fixes
- Protect devices with a passcode
- Use two-factor authentication and a strong password for Apple ID
- Install apps from the App Store
- Use strong and unique passwords online
- Don’t click on links or attachments from unknown senders
Finally, if you think someone has infiltrated your phone, but you haven’t received a threat notification, enlist expert help. Apple cannot detect every sophisticated state-sponsored attack, and you have to be on the lookout. Of course, the likelihood of any random individual being a target is relatively slim. Still, you can never be too careful, and simply being aware can make a difference.
In the meantime, if you haven’t already, update your iPhone to the latest version of iOS.