Apple has shared details of how it intends to alert iPhone (opens in new tab) users when it believes they're being targeted by state-sponsored attackers.
According to a new Apple support document, the notifications will be delivered via email and iMessage (opens in new tab) notifications to the addresses and phone numbers associated with the affected users' Apple IDs.
The notifications will identify themselves as a “Threat Notification,” and will also include steps users can take to protect their smartphones (opens in new tab).
“Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent,” explains (opens in new tab) Apple in its support document.
Owing to the sophisticated nature of the attacks, and the often imperfect means of their detection, Apple acknowledged that some attacks might fly under the radar. In the same vein, it also acknowledged that some of its notifications might be false alarms.
State-sponsored snooping
The development is noteworthy as it comes on the heels of news that Apple has sued (opens in new tab) the NSO Group, identifying it as a state-sponsored attacker that used the Pegasus spyware in targeted attacks, after circumventing iPhone security mechanisms.
The company has gone to the extent of contributing $10 million, as well as all the damages awarded from the lawsuit, to supporting organizations involved in the advocacy and research of cyber-surveillance abuses, including those of state-sponsored actors.
In addition to sharing details about the threat notification scheme, Apple used the opportunity to list a handful of steps to help users secure their devices.
These include the often cited best practices, such as keeping the phones updated, using two-factor authentication (2FA (opens in new tab)), installing apps only from the App Store, and such.
Build a digital moat around your network using one of these best firewall apps and services (opens in new tab), and protect your computers against all kinds of cyber-attacks with these best endpoint protection tools (opens in new tab)