How does Apple’s ‘State-Sponsored Attack’ alert work and what should you do if you get one

Apple alerts users when they suspect that hackers, especially state-sponsored hackers are trying to gain access to your device or Appple account. But how exactly does this work? Moreover, what should you do when you get such a notification?

In a recent development, several prominent political leaders in India have claimed receiving alerts of state-sponsored attackers on their Apple iPhones. These notifications, often referred to as Apple threat notifications, are designed to inform and assist users who may have been targeted by state-sponsored attackers.

Not just political leaders and journalists in India, but people in over 150 countries have received similar notifications.

However, Apple has not officially confirmed the authenticity of these alerts that were shared by political leaders in India. Mind you though, the company does have a pre-existing support page explaining this feature.

Related Articles

Apple sent hacking alert, say Opposition leaders. What went wrong?

Apple publicly releases iOS 17.1 with improvements to AirDrop, StandBy and major bug fixes

State-sponsored attackers, according to Apple, are not your typical cybercriminals. They possess significant resources and focus their efforts on a very small number of specific individuals and their devices, making their attacks challenging to detect and prevent. These attacks are highly sophisticated, costly to develop, and often have a limited lifespan.

If Apple identifies activity consistent with a state-sponsored attack, affected users are notified in two ways. First, a Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com. Then, Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.

These notifications provide additional steps for users to take to safeguard their devices, including enabling Lockdown Mode, which can be found in Settings > Privacy and Security > Lockdown Mode.

However, it’s crucial to understand that the detection of such attacks relies on threat intelligence signals, which are sometimes imperfect and incomplete. Consequently, some Apple threat notifications may be false alarms, or certain attacks may go undetected. Even Apple admits this

Apple advises users to never click on any links, open files, install apps or profiles, or provide their Apple ID password or verification code via email or over the phone, when they a threat notification. Instead, users should sign in to appleid.apple.com to check if a threat notification is real. If Apple has sent a threat notification, it will be prominently displayed at the top of the page after signing in.

In light of these reports and to protect themselves from cybercriminals and consumer malware, all Apple users are encouraged to follow best practices for security, including:

1. Keeping their devices updated with the latest software.
2. Securing their devices with a passcode.
3. Using two-factor authentication and strong passwords for their Apple ID.
4. Installing apps from the official App Store.
5. Utilising strong and unique passwords for online accounts.
6. Avoid clicking on links or attachments from unknown senders.

Business Today has reached out to Apple for confirmation regarding the recent reports on the ‘State-sponsored Attackers’ alert, and the story will be updated accordingly when the company responds.