The biggest hack in iPhone history is now public knowledge with some horrific attacks reported and now Apple — for the first time — is warning users who have been exposed.
The hack is called ‘Pegasus’ and went undetected for five years. It was developed by Israeli cyberarms firm NSO Group in 2016 and sold to the highest bidder, which included governments and nation states. Now Apple is fronting up to the damage Pegasus has done. It is suing NSO and has now confirmed it will send warnings to hacked individuals.
“Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers,” explained the company in an official statement. It also spelled out
A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com.Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.
Apple does warn that the system will not be perfect:
“State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behavior to evade detection in the future.”
Despite these caveats, the system is beginning to go live and ThinkApple (via 9to5Mac) reports that one of the first notifications was sent to a Polish prosecutor who is subsequently asking questions of the Polish government.
While targets of Pegasus hacks are largely believed to be very specific individuals, at this stage it is impossible — given the timescale involved — to know how far and wide these government and state-sponsored attacks have spread.
“As long as we store our lives on devices that have vulnerabilities, and surveillance companies can earn millions of dollars selling ways to exploit them, our defenses are limited, especially if a government decides it wants our data,” warned New York Times senior reporter Ben Hubbard, who was hacked by Pegasus earlier this year. “Now, I limit the information I keep on my phone. I store sensitive contacts offline. I encourage people to use Signal, an encrypted messaging app, so that if a hacker makes it in, there won’t be much to find.”
To Apple’s credit, the company is now taking proactive action. That said, it continues to court controversy with plans for invasive (and flawed) device scanning in iOS 15, iPadOS 15 and macOS Monterey, technology which would open up a treasure trove of information to any group that successfully manages to hack Apple’s defences.
Just as NSO did successfully and unknowingly to Apple and its devices for the last five years