How Apple’s threat notifications work
When Apple detects activity consistent with spyware attacks, it notifies affected users via email, iMessage, and a prominent alert on account.apple.com. These notifications, first detailed in a 2021 Apple support document, have become a key tool in spyware accountability.Though most people will never receive an alert like this, Apple issues these notifications only to a select group of users, ensuring they are based on high-confidence threat intelligence. To maintain the integrity of its system, Apple refrains from disclosing specific details about the attackers or the regions involved, in order to prevent providing any insights that could help evaders bypass detection.Users are invited to contact a nonprofit, Access Now’s Digital Security Helpline, for individualized security advice after being notified (as reported by Lorenzo Franceschi-Bicchierai with TechCrunch). Apple will not perform forensic investigations on its own—a task that many cybersecurity experts have argued should be left to nonprofits anyway.
Lockdown Mode: An important additional layer of protection
To protect against spyware attacks, Apple recommends enabling Lockdown Mode, an opt-in security feature introduced in iOS 16. Lockdown Mode blocks or limits device functionality often exploited by spyware; these include limits on link previews and attachments in messaging apps.
Apple’s continuing efforts
Since 2021, Apple has sent Threat Notifications to users in over 150 countries, which shows the breadth of mercenary spyware. The company continues to invest in its Private Cloud Compute system to track and detect threats and in improving tools like Lockdown Mode.
Critics like Eva Galperin of the Electronic Frontier Foundation believe Apple can go further by publishing threat reports and filing more lawsuits against spyware makers. But even so, Apple’s work so far marks a change for the company, one in which it’s “committed to protecting users who may be personally targeted by some of the most dangerous cyberthreats,” according to spokesperson Nadine Haija.
How to stay protected
Apple encourages all users to take the following steps to protect against general cyber threats:
- Keep devices updated with the latest software.
- Enable two-factor authentication.
- Use strong, unique passwords.
- Install only from App Store.
- Do not click on any links or open attachments from an unknown sender.
Locking down and reaching out for help from organizations like Access Now is crucial for those who suspect they may be a target of spyware.As spyware attacks become more sophisticated, Apple’s threat notifications and security features are an important line of defense. By notifying users and providing access to expert resources, Apple is setting the bar for how tech companies can begin to respond to a rising tide of digital threats.
