The protection of privacy and digital rights in an increasingly interconnected and digitized world is a constant challenge. Spyware attacks have become one of the most insidious threats in the realm of cybersecurity, especially for human rights defenders, journalists, activists, and political dissidents.
These individuals, who play a critical role in exposing abuses of power and promoting freedom, are frequently targeted by governments and private actors interested in monitoring, surveilling, and manipulating their communications and activities.
In this context, Apple, one of the world's most powerful tech giants, has taken a prominent stance in the fight against spyware. Through a notification system for users who may be under attack, Apple has started alerting iPhone owners about the possibility of being targeted by government-sponsored spyware.
However, its approach has generated both praise and criticism, as Apple does not directly engage in forensic analysis of compromised devices. Instead of offering direct assistance, Apple redirects victims of the attacks to specialized organizations like Access Now, which play a key role in defending digital rights and fighting illegal surveillance. Below, ITD Consulting will explain the details of this Apple cybersecurity solution.
What is Spyware and Why Is It a Global Threat?
Spyware is a type of malicious software designed to infiltrate a device without the user's knowledge in order to spy on their activities. Spyware attackers can gain access to a wide range of sensitive data, such as private messages, passwords, emails, photos, and videos, and even remotely record audio or video.
This type of digital surveillance, spyware, is becoming increasingly common in contexts where civil liberties and human rights are under threat, and journalists and activists are the primary targets.
One of the most insidious aspects of spyware is that, unlike other types of malware that can be detected by antivirus and other cybersecurity tools, advanced spyware is extremely difficult to identify. Spyware attackers, especially those sponsored by authoritarian governments, use sophisticated technologies like Pegasus, spyware created by the Israeli company NSO Group, which allows spying on iPhones and other devices almost invisibly.
This type of spyware has the ability to bypass most defenses, making it a preferred tool for those looking to spy on individuals of interest without being detected.
The Kamala Harris Case: An Example of the Spyware Threat
The case of Kamala Harris' presidential campaign in 2020, as mentioned in Forbes reports, is a clear example of how spyware can target high-profile individuals in the political realm.
According to the report, before the elections, Kamala Harris' cybersecurity team contacted Apple because a spyware detection tool on iPhones had flagged anomalies on two devices belonging to members of her staff. Despite the seriousness of the situation, Apple chose not to conduct a forensic analysis of the compromised devices.
Apple's response was a surprise to many, especially cybersecurity experts working with at-risk populations such as journalists, human rights defenders, and activists. However, for those familiar with Apple's privacy and security policies, this decision was not a surprise.
Rather than conducting direct forensic investigations of the compromised devices, Apple prefers to redirect victims of spyware to specialized external organizations, like Access Now, that have the capacity to handle such incidents more effectively and with the appropriate approach.
Apple's Role: Spyware Notifications and Digital Protection
Since 2021, Apple has implemented a notification system designed to alert users who might be under attack by spyware. This alert system has been key in notifying individuals targeted by mercenary spyware, such as Pegasus.
Apple sends a message to the affected users, indicating that their devices are highly likely to have been compromised due to a targeted attack aimed specifically at them because of their identity or activities.
Apple's Alert Message: A Crucial Step in the Fight Against Spyware
In its notification, Apple informs users that their device has been identified as a target of a spyware attack and provides the following recommendations for protection:
- Update their iOS software and all apps on the device.
- Enable Lockdown Mode, an advanced security feature that limits certain device functionalities to prevent unauthorized access.
- Contact specialized cybersecurity organizations like Access Now for forensic analysis and guidance on how to protect themselves effectively.
These Apple notifications have been very useful in alerting users, especially those without the technical knowledge to identify a spyware attack on their own. While Apple does not perform direct forensic analysis, these alerts provide clear guidance for at-risk individuals and direct them to the right resources for assistance.
Access Now: The Real-Life Digital Detectives
Access Now is a nonprofit organization dedicated to defending digital rights and online privacy. The mission of Access Now is to protect people in high-risk situations, particularly human rights defenders, journalists, activists, and political dissidents, who are the primary targets of spyware attacks. Access Now provides a digital helpline that offers advice and technical assistance to users who suspect they have been targeted by spyware.
Access Now’s Work in Protecting Against Spyware
Access Now not only helps individuals detect spyware but also conducts critical forensic work to document the attacks and expose the tactics used by malicious actors. The organization works closely with other entities investigating spyware, such as Citizen Lab and Amnesty International, to produce detailed reports on threats and the responsible actors.
According to Natalia Krapiva, a lawyer at Access Now, Apple’s notification system has been a significant step forward in the battle against spyware. Before Apple began sending alerts to affected users, investigations into these attacks were much harder to carry out. "We were in the dark, not knowing who to investigate," Krapiva remarks, highlighting how Apple’s notifications have enabled Access Now and other organizations to conduct more effective investigations.
Access Now also plays a crucial role in triaging cases, which involves assessing the severity of an attack and determining the appropriate steps to take. Through its helpline, the organization receives thousands of cases each year. In 2024, for instance, Access Now had received over 4,000 tickets related to potential spyware attacks.
Crucial Support in Vulnerable Contexts
Access Now's work is especially critical for those in vulnerable situations, such as journalists reporting on sensitive political issues or human rights defenders fighting against repressive regimes. The organization not only provides technical advice but also supports users with educational resources on how to protect themselves and identify signs of a potential spyware attack.
Furthermore, Access Now's work has been essential in pressuring governments and tech companies to take stronger measures against spyware and illegal surveillance. Through its advocacy efforts, Access Now has drawn attention to the need for greater regulation of surveillance tools and has promoted the adoption of international standards for privacy and human rights protection.
The Criticism: Why Doesn't Apple Conduct Direct Forensic Analysis?
One of the main criticisms of Apple’s approach has been its decision not to perform direct forensic analysis on devices compromised by spyware. Instead of directly involving itself in the investigation of these attacks, Apple limits itself to alerting users and directing them to Access Now or other organizations.
According to Runa Sandvik, a cybersecurity expert, this decision makes sense from a business perspective. “Large tech companies don’t want to get into the business of doing forensics on users’ devices,” Sandvik says.
This position prevents Apple from becoming entangled in complex legal investigations and potential disputes over user privacy. Additionally, forensic investigations require a high level of expertise and resources, something that organizations like Access Now can provide more effectively.
However, Eva Galperin, Director of Cybersecurity at the Electronic Frontier Foundation (EFF), believes that Apple could do more to combat spyware. Galperin suggests that Apple could collect more information about the attacks and share it with the cybersecurity community to help identify and neutralize the responsible actors. In this sense, Apple could collaborate more closely with researchers and international organizations to create a global defense network against spyware.
Lockdown Mode: A Key Protection Feature
One of the main security tools that Apple has introduced to protect users from spyware attacks is Lockdown Mode. This feature restricts several device functionalities, making it more difficult for attackers to exploit vulnerabilities in the operating system.
Lockdown Mode is especially useful for at-risk individuals, such as journalists and activists, who may be targets of highly sophisticated spyware attacks. According to John Scott-Railton, Senior Researcher at Citizen Lab, Lockdown Mode represents a significant advancement in mobile device protection.
“It’s a radical shift to increase security, especially for those who are at risk,” he explains. Activating Lockdown Mode limits several device functionalities, including restricting access to third-party applications, disabling certain communications, and blocking some network functions.
A Necessary Change in Digital Security Culture
The implementation of Lockdown Mode reflects a fundamental shift in how tech companies like Apple approach cybersecurity. The adoption of stricter security measures to protect Apple’s most vulnerable users marks a step toward a more proactive and responsible approach to digital surveillance.
As the use of advanced technologies expands across all aspects of human life, so does the ability of malicious actors to exploit these tools for their own benefit. Spyware, one of the most pernicious threats, is used to monitor and control individuals and groups for political, economic, or ideological purposes. This creates a highly complex digital landscape where the line between personal privacy and non-consensual surveillance becomes increasingly blurred.
In this context, the actions of companies like Apple, which alert users to possible spyware infections, represent an important step in the defense of digital rights. However, the fact that these alerts are not accompanied by a complete forensic analysis by Apple itself leaves a significant gap that other organizations, like Access Now, must address. While Apple plays an important role in protecting privacy, this situation also highlights the need for a more integrated and effective response framework.
The challenge of combating spyware is not solely on tech companies. While these companies have the power to implement more robust security solutions, the threat posed by government-grade spyware requires a multidimensional approach. This type of espionage is often state-sponsored and involves resources and capabilities far beyond those of ordinary cybercriminals.
Hence, it is essential that human rights organizations, such as Amnesty International or Citizen Lab, work closely with technology companies and governments to coordinate large-scale and effective responses. This collaboration is crucial not only for identifying and mitigating attacks but also for advocating for policies that limit the use of spyware for mass surveillance.
Without a coordinated approach, spyware attacks will continue to grow as a significant threat, particularly for society’s most vulnerable sectors, such as journalists and human rights defenders.
To ensure effective protection against spyware, public policies must quickly adapt to new digital realities. This involves not only adopting laws that restrict the use of invasive technologies but also creating regulatory frameworks that ensure tech companies are held accountable for the security of their users’ data.
Globally, international standards for privacy and cybersecurity must be strengthened to ensure that people can live, communicate, and work without fear of being monitored by governments or other entities. As the fight against spyware intensifies, it will also be crucial for governments to commit to protecting their citizens from digital threats by regulating the use of surveillance tools in ways that do not undermine fundamental rights.
The balance between national security and individual privacy will be a central issue in the coming years. Ultimately, the evolution of digital threats and the growing use of spyware underscores the importance of educating and empowering users to protect their own online security. While alerts from Apple and organizations like Access Now are crucial, the challenge also lies in raising awareness about best practices for digital security among the general public.
Strengthening the cyber defense capabilities of individuals and groups, especially those in at-risk situations, is an urgent task. Training in protective tools, such as Apple’s Lockdown Mode and the use of spyware detection apps, is essential to allow people to act quickly in the face of threats. The fight against spyware will only be effective if it combines firm legal action, inter-institutional collaboration, and a well-informed population regarding digital threats.
The defense of privacy in the digital age is a shared responsibility among governments, businesses, human rights organizations, and every individual. If you want to learn more about Apple’s security measures and how they impact your operations, feel free to contact us at [email protected]. Our team of technology experts is here to help you maintain your company's cybersecurity.
EN 
ES