Apple notifies NSO spyware targets across multiple nations

Image c/o: Photo by GotCredit

Apple’s decision to sue the NSO Group was accompanied by a commitment to warn people when it sees that they are potentially being spied on by state-sponsored attackers. The first such warnings are beginning to emerge…

Apple sends a warning

Apple calls NSO Group “21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.”

The warning notice is sent by email, iMessage and made available on the Apple ID login.

It feels useful to advise anyone who receives such a warning to double-check the alert (probably by visiting the Apple login page) as it seems a little inevitable that we’ll see a wave of fake warnings circulating, given what these messages concern. Apple has published more information concerning its system here.

The first reports are circulating

The first threat warnings are reportedly being received, though it is unlikely that everyone who has been impacted will go public with the news, and it is possible that some targets are people who might want to maintain a low profile.

After all, apologists for NSO’s actions claim criminals are the main target in an attempt (I guess) to spin attacks against journalists and democratic politicians as some form of ‘collateral damage’.

Which is a sad reflection of the times, I suppose.

• In Thailand at least six government critics have received them, according to Reuters.
• In Africa, a report on GhanaWeb tells us that former Presidential staff member, Stan Xoese Dogbe has also allegedly received such a warning.
• Also in Africa, Ugandan politician and president of the Democratic Party, Norbert Mao has received this alert, according to a Tweet.
• Warnings have also been received by civil society reps, opposition politicians and journalists in El Salvador, according to local reports.

The alert tells those it warns:

“Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID. These attackers are likely targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone. While it’s possible this is a false alarm, please take this warning seriously.”

There is little doubt that more such warnings will be in circulation.

More are likely

NSO Pegasus has previously been identified as being in use across at least 45 countries, including the U.S. and also:

Algeria, Bahrain, Bangladesh, Brazil, Canada, Cote d’Ivoire, Egypt, France, Greece, India, Iraq, Israel, Jordan, Kazakhstan, Kenya, Kuwait, Kyrgyzstan, Latvia, Lebanon, Libya, Mexico, Morocco, the Netherlands, Oman, Pakistan, Palestine, Poland, Qatar, Rwanda, Saudi Arabia, Singapore, South Africa, Switzerland, Tajikistan, Thailand, Togo, Tunisia, Turkey, the UAE, Uganda, the United Kingdom, Uzbekistan, Yemen, and Zambia.

“In a free society it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place,” said Apple’s security chief Ivan Krstić.

“Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group.”

Please follow me on Twitter, or join me in the AppleHolic’s bar & grill and Apple Discussions groups on MeWe.