Apple’s fight against the alleged rogue Pegasus software from the Israeli firm NSO, which is said to have been used to spy on politicos, journalists, lawyers and activists in many countries including India, is getting serious and sincere.      

After announcing that it was suing NSO for attacking iOS users, Apple has revealed that it is notifying users who have been targeted by Pegasus for surveillance. “Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers. These users are individually targeted because of who they are or what they do,” Apple said.

According to media reports, Apple has already done so for at least five Thai activists and researchers.

Earlier this year, a global investigation by a clutch of 17 media organisations along with Amnesty International and the Paris-based non-profit organisation Forbidden Stories had claimed that Pegasus was used to extract messages and information from the phones of journalists, politicians and activists in many countries including India.

Pegasus infected Android devices and iPhones, giving operators (governments, in this case) access to messages, photos and emails. It can also record calls and surreptitiously activate microphones.

Apple turns the heat on NSO

While there has been no real fight back from the Android ecosystem to the disturbing infiltration by Pegasus, Apple has chosen to take on the NSO Group holding it accountable for circumventing iPhone security mechanisms.

Apart from suing NSO, Apple has said it would contribute $10 million, as well as all the damages awarded from the lawsuit, to supporting organizations involved in the advocacy and research of cyber-surveillance abuses.  

Concomitantly, Apple is also actively monitoring devices in its ecosystem for signs that they have been compromised by Pegasus.

Here’s what Apple will do and what you need to do

Notification alert from Apple

Alert notification from Apple. (Image credit: Apple Inc)

If Apple discovers activity consistent with a State-sponsored attack, it will notify the targeted users in two ways:

  • A threat notification will be displayed at the top of the page after the user signs into appleid.apple.com.
  • Apple will send an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID. 

The notifications will also give out additional steps that notified users can take to help protect their devices.

Apple made it clear that the threat notifications will never ask the users to click any links, open files, install apps or profiles, or provide their Apple ID password or verification code by email or on the phone.

“To verify that an Apple threat notification is genuine, sign in to appleid.apple.com. If Apple sent you a threat notification, it will be clearly visible at the top of the page after you sign in,” Apple said.

Apple also advised all users to protect themselves from cybercriminals and consumer malware by following best practices for security that include updating devices to the latest software and latest security fixes, protecting devices with a passcode, using two-factor authentication and a strong password for Apple ID, installing apps from the App Store and using strong and unique passwords online.