After Manzana file a lawsuit against NSO Group – the company responsible for Pegasus spyware, which has been used in state-sponsored surveillance campaigns in several countries -, now the Cupertino company announces that is notifying its users that they have been a victim of this spyware.
IT MAY INTEREST YOU: Apple sues spyware ‘Pegasus’ to defend iOS users
NSO Group seeks to exploit vulnerabilities in iOS and other platforms to infiltrate the devices of certain types of users, such as journalists, activists, dissidents, academics and government officials, so Apple is notifying users that they have been attacked using a now-patched vulnerability, which allowed Pegasus to install on their devices..
According to the portal MacRumors, Apple sends these alert notifications via iMessage and email. Also, when visiting appleid.apple.com, affected users will also see a prominent “threat notification” message, indicating what happened and when.
Such notifications will provide additional steps that users can take to protect their devices.. The company emphasizes that in those notifications, it will never ask users to click links or install any type of software.
Apple acknowledges that there may be some false alarms with its notifications and that some attacks may go unnoticed as it faces constantly evolving spy tactics; In addition, the company ensures that its threat detection methods will also evolve, so will not share information about it, in order to hinder the attackers’ efforts to evade detection.
Regardless of whether or not they receive a threat notification, Apple recommends that its users follow these steps to protect their devices:
– Update devices to the latest software as it includes the latest security fixes.
– Protect devices with an access code.
– Use two-step authentication and a strong password for Apple ID.
– Install applications from the App Store.
– Use strong and unique passwords online.
– Do not click on links or attachments from unknown senders.
In addition to these recommendations, Apple also shares with its affected users a list of emergency resources, which you can consult on the website of Consumer Reports Security Planner. The resources available on this site may be helpful for users who have not received a threat notification from Apple, but believe they may have been the victim of spyware, so that they can obtain expert assistance.
These types of notifications are not new, as large companies, such as Google, for example, have for years notified possible victims of espionage. However, Apple’s explanation is relevant, due to the recent concern about spyware from the NSO Group and others, and can be crucial if you are an activist, journalist or other critic who could easily face attacks from oppressive governments.