Apple alerts users in 92 nations to mercenary spyware attacks
Authenticity and Delivery of Apple Alerts
- Many say they would initially assume such a spyware-warning message is phishing.
- Key verification method discussed: log in directly to appleid.apple.com or iCloud via a known URL and look for a prominent banner.
- Several note that credible alerts should avoid embedded links and urgent “click now” CTAs; pure informational messages are seen as less suspicious.
- Some are surprised the alerts come via email/iMessage rather than an OS-level special UI.
iMessage, Backups, and “End-to-End Encryption”
- Criticism that iMessage’s E2EE is effectively weakened by default iCloud backups, which store message plaintext Apple can access.
- Advanced Data Protection (ADP) is cited as an optional fix, but others argue conversations are still exposed if recipients lack ADP.
- Signal is contrasted as not backing up chats in a way cloud providers can read.
- Debate over whether Apple’s marketing around “can’t decrypt” is misleading given backup behavior.
Attack Vectors, Lockdown Mode, and Extreme OPSEC
- iMessage is repeatedly mentioned as a major exploit vector with high privileges and a history of CVEs.
- For high‑risk users, advice includes: enable Lockdown Mode, disable iMessage/iCloud/Keychain, use hardware keys, minimize apps, use burner devices, and assume some compromise is inevitable.
Who Gets Targeted and Why
- A “random college student” receiving alerts sparks discussion:
- Possibilities raised: family or social ties to real targets, industrial espionage, political activism, diaspora students, misidentification, or testing exploits on low‑stakes victims.
- Emphasis that people in research labs, infrastructure, or opposition politics can be attractive targets, not just “spies.”
“Mercenary Spyware” vs “State-Sponsored”
- Apple’s shift from “state-sponsored attacker” to “mercenary spyware” is noted.
- Some see this as political softening under pressure from governments; others say “mercenary” accurately covers for‑profit hacking vendors hired by states.
- There is debate over the legality of NSO‑style tools, touching on sanctions, DMCA/CFAA, export controls, and the gap in global regulation.
Apple vs. Android Security and Notification Practices
- Some view Apple’s notifications as a positive differentiator; others reply that Google has issued similar “government-backed attacker” warnings for years.
- Security comparisons are contentious:
- Claims that recent Android (especially Pixel) is more secure, with bounty prices and hardware diversity cited.
- Counterclaims that bounties are a weak signal, OEM bloatware adds risk, and iMessage’s ubiquity makes it a particularly attractive target.