FlagThis

Apple is notifying users who are likely targets of government-sponsored spyware, but is redirecting them to third-party security labs instead of performing in-house forensic analysis. This decision stems from Apple's concern that in-depth analysis could reveal spyware capabilities to the attackers. The company is alerting victims that their devices are potentially compromised by mercenary spyware and specifically directing them to seek assistance from the nonprofit Access Now, which runs a digital security lab specializing in this area.

This approach is supported by cybersecurity experts who work with at-risk individuals such as human rights defenders and journalists. They agree that Apple is taking the correct course by informing users while abstaining from forensic analysis. John Scott-Railton, a senior researcher at the Citizen Lab, noted that the notifications have been a “game changer for spyware accountability research.” The notifications from Apple, according to Access Now, indicate a high confidence in the warning, emphasizing the importance of taking it seriously. Apple’s stance comes from an incident where they declined to analyze devices belonging to campaign staff of US vice president Kamala Harris after they triggered an anomaly detection tool.

ImgSrc: techcrunch.com

References:

• @lorenzofb - LorenzoFB's Mastodon post on Apple's spyware notifications. - 6d
• @zackwhittaker - Zack Whittaker's Mastodon post on Apple's spyware notifications. - 6d
• TechCrunch - TechCrunch article about Apple sending victims to a nonprofit lab. - 6d
• Techmeme - Experts say Apple's spyware notifications for victims are a game changer for research; the notifications direct the victims to nonprofit security lab Access Now (Lorenzo Franceschi-Bicchierai/TechCrun - 5d

Classification:

• HashTags: Spyware CyberSecurity Privacy
• Company: Apple
• Target: Human Rights Defenders, Journalists
• Product: iPhone
• Feature: Spyware Notification
• Type: Espionage
• Severity: Medium