Apple sends threat alerts to iPhone users in Armenia

AppleInsider

Select iPhone users in Armenia have been sent notifications by Apple that say "state-sponsored attackers" may be targeting them.

NSO Group, makers of spying tool Pegasus

The alerts were reportedly sent on October 30, 2023, which is the same day that Apple sent similar notifications to specific Indian politicians. In every case, the alert stresses that it could yet be a false alarm, but that there is reason to suspect that the user's iPhone has been targetted.

According to local publication Media.am, the alert means that the receiving iPhone "has likely been infected with Pegasus spyware, which was most likely installed by the Israeli company NSO Group on behalf of the Azerbaijani government."

Apple's alert gives no such detail of who may be hacking, or whether they are using NSO Pegasus. Rather, it warns of any state-sponsored hacking -- or the appearance of it -- and details recommended steps for the user to follow.

A typical threat alert email (Source: Media.am)

Citing its separate research Media.am claims that "the use of Pegasus by the authorities of Azerbaijan has allegedly targeted around a thousand individuals within their borders."

"The number of people targeted in Armenia is expected to be much higher, possibly in the thousands," it continues. "However, it is difficult to get an accurate estimate of the total number of individuals targeted by Pegasus."

In the example notification shown by the publication, the recipient is reminded that he or she has been notified once before and stresses that this is a new occurrence of hacking, or attempted hacking.

Media.am says that not everyone reports receiving this latest alert, but for example, "trustworthy individuals have communicated to us that 'everyone in our department has received it'."

As previously reported, NSO Pegasus has been used by the Azerbaijan government over its conflict with Armenia.

The use of Pegasus by governments has become so common that in 2021, Apple introduced its threat alert systems.


Read on AppleInsider

netrox

I wonder how do they know if their iPhones are hacked? Does the updates now include scanning for Pegasus software or do they look for distinctive behaviors? 

byronl

Great to see this. 

mikethemartian

netrox said:

I wonder how do they know if their iPhones are hacked? Does the updates now include scanning for Pegasus software or do they look for distinctive behaviors? 

I guess Apple surveils iPhones to check if any other party is also surveiling the same phone. I guess the question is if it is all local on the device or not.

appleinsideruser

Who watches the watchers? If Apple can detect this and report back to themselves that something bad is happening, isn’t this feature in itself an attack vector? A backdoor?

reiszrie

appleinsideruser said:

Who watches the watchers? If Apple can detect this and report back to themselves that something bad is happening, isn’t this feature in itself an attack vector? A backdoor?

how is status monitoring/diagnostic reporting immediately a backdoor and attack vector? kindly elaborate in detail 

appleinsideruser

reiszrie said:

appleinsideruser said:

Who watches the watchers? If Apple can detect this and report back to themselves that something bad is happening, isn’t this feature in itself an attack vector? A backdoor?

how is status monitoring/diagnostic reporting immediately a backdoor and attack vector? kindly elaborate in detail 

It's not immediately. But if a local monitoring process is reporting to a remote site, it might be re-purposed or give a hint to a vulnerability.

chasm

It is unlikely that Apple “surveils” individual iPhones, and much, much MORE likely that features introduced in whatever version of iOS debuted in 2021 has a self-scanning integrity feature that can detect Pegasus software activity. Call it built-in anti-malware, if you will.