Apple will notify users about state-sponsored cybersecurity threats

I know of one case of a Polish prosecutor who does not obey (do not want to bend the law) Zbigniew Ziobro, who is both the minister of justice and the prosecutor general. She received a notification from Apple just today.<p>Source: <a href="https:&#x2F;&#x2F;mobile.twitter.com&#x2F;e_wrzosek&#x2F;status&#x2F;1463551631648251915" rel="nofollow">https:&#x2F;&#x2F;mobile.twitter.com&#x2F;e_wrzosek&#x2F;status&#x2F;1463551631648251...</a>

I see a lot of pessimism in the comments. But I think this is a great step in the right direction.<p>Other companies should take note. More of this, please!

I&#x27;m surprised to see protection against state sponsored attacks implemented by a company as big as Apple. Is any other &#x27;mainstream&#x27; company offering a similar feature?<p>Warrant canary [0] comes to mind, but that is usually a message to all users, as opposed to notifying an individual user.<p>[0]: <a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Warrant_canary" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Warrant_canary</a>

So something like PRISM that targets everybody won&#x27;t trigger a warning?

Will it notify users about cybersecurity threats from the US authorities or will it obey the gag order?

I wonder if this could be used to expose those that are in sensitive position. IE offer attacks at people you think are in important positions and watch how they react to the news. For example if you work somewhere sensitive and you have an accounts not tied the Apple account. The State Sponsored group is probably good enough to see your traffic patterns and to see if they change after you have been notified. Not that I think Apple shouldn&#x27;t do this but I can see someone being crafty and trying to take advantage of this. There are always trade offs in security!

I see a lot of people in the comments conflating legal requests and attacks. Regardless of your opinion on either of those issues, they <i>are</i> different things.

This is a good service since states felt it was necessary to use surveillance powers against the domestic population.<p>To me that warrant retaliation in my opinion, it would be a case for self-defense. For example isolating the trojan in a honey-pot OS and delivering it to foreign actors cybersecurity research labs. Just make it unfeasible to support such software and it will stop. My country (Germany) sadly is prone to ignore civil liberties. There were home searches because someone called a some minister a penis on Twitter and there were other severe transgressions. Since the law doesn&#x27;t protect against them anymore, the state has proved that it is not capable for responsible conduct with software the relies on zero-day-exploits which endanger every computer system.<p>Glad that companies with real security expertise put up the slack here, although they shouldn&#x27;t have to do that.

they&#x27;ll only do it if the US government allows them to.<p>Like it or not, if they go against three-letter-agencies in the US, high ranked apple employees will spend years in jail based on the rulings of secret courts where all of your rights are irrelevant. The moment the cia says the word &quot;terrorism&quot;, all your rights are gone regardless of how wrong the investigators might be. They can literally declare you guilty without you even knowing you were were accused of anything because according to them, national security is more important than the constitution.<p>they are on the same level as the ccp

Has anyone put forward some theories as to how they are pulling this off? Are they tapping into iMessage Metadata, scanning crash logs, or something along those lines? While I totally understand the need for them to keep how they are doing this private, I do find it slightly concerning. Unless they are just flagging suspicious iCloud login attempts. If it’s relating to crash logs, it would be nice to know as I’m sure a bunch of privacy focused users have that disabled.

Now if only Apple wouldn&#x27;t search for CSAM on device, allowed repair shops to get the parts they need from the manufacturer, and provided schematics for repair shops. If they did those things, I might actually buy an iPhone.

&quot;If Apple discovers activity consistent with a state-sponsored attack&quot;<p>I am really interested in understanding more about a &quot;state-sponsored attack&quot; as someone who works in Ops and has experience in CyberSec. All these years working in the industry and I had no idea you could identify an &quot;attack&quot; that easily.

Does it tell you about US sponsored cybersecurity threats?

How can Apple differentiate between state sponsored FISA hacks vs. other hacks or USA hacks?<p>Before Apple sends a notification, do they cross reference any existing warrants they received and make sure they don’t notify the customer that the US tried to hack their account, or iPhone, or requested their info?<p>Or are we to assume that Apple only means non-USA based attacks?<p>Or is the US gov going ape shit right now that all their targets they been infiltrating are going to get notified of that fact?<p>Or are we to assume anything FISA related means Apple happily and willingly had over the data and really isn’t a hack attempt?

Why do I get the feeling that if the state is China, then it won&#x27;t get reported as such. I assume their supply chain is more important.

Yet you still can&#x27;t download VPN apps in China and Saudi Arabia.

The state-sponsored cybersecurity threats I most want to know about are the ones from my country - because that is the state most likely to harm me and my family.

Even if the state in question is the USA? I think Apple should be clear if there are any states whose attacks they might ignore, for the sake of privacy, of course.

It&#x27;s only possible because Apple is too big too fail. Probably they won&#x27;t notify about the US snooping, but smaller countries often have smaller budgets that this company, so they can&#x27;t really do anything about Apple pulling strings. It&#x27;s a shame that smaller companies cannot do that without risking being closed down.

Probably related: <a href="https:&#x2F;&#x2F;www.apple.com&#x2F;gr&#x2F;newsroom&#x2F;2021&#x2F;11&#x2F;apple-sues-nso-group-to-curb-the-abuse-of-state-sponsored-spyware&#x2F;" rel="nofollow">https:&#x2F;&#x2F;www.apple.com&#x2F;gr&#x2F;newsroom&#x2F;2021&#x2F;11&#x2F;apple-sues-nso-gro...</a>

What if it is illegal to do so?

Does this include USA sponsored attacks?<p>This again another attempt at owning the device or your customer, like that CSAM backdoor wasn’t enough, now they have AI monitoring accounts, connections, etc out of each device.

What if the state is the US demanding data using NSLs or dragnet warrants?

<a href="https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Advanced_persistent_threat" rel="nofollow">https:&#x2F;&#x2F;en.wikipedia.org&#x2F;wiki&#x2F;Advanced_persistent_threat</a>

An interesting spin. So Apple might somehow treat just regular threats differently in the past or the future? How does Apple know who paid NSO group to hack their phone?

except in china, i pray that the people of the free world unite from within all countries and say enough is enough to their oppressors. it is wild to think that we still have ill actors in high ranks that are from bloodlines upon bloodlines of “ownership” of nations. there really still is a ruling class that has existed forever, sounds like a conspiracy until you look at who is buddies with who

It&#x27;s one of the largest enterprises against state-funded specialists and intelligence agencies, this will be an interesting arms race.

What if you opted in to the terms of the Chinese App Store then switch to USA.

Will it send notifications also when it is a USA sponsored attack?<p>What a joke

So Apple is saying they can’t solve their security problems?

Wonder if that works for USA targeting terrorists and how well that’ll play in court if a terrorist attacks was helped in that way.<p>Edit : silly me, US doesn’t need that, they can simply ask for the data..

cybersecurity treats include secret orders by governments to comply to any requests?

completely and absolutely based. I have ambivalent feelings about apple

Unless, it&#x27;s Chinese government. In that case, Apple handle over their control over database to Guizhou-Cloud Big Data

Does this include US-sponsored threats?

&quot;trust me bro&quot;

Will it let them know that their own phone has decided that they are a potential pedophile and their photos will be sent unencrypted to some tech centre god knows where where someone will decide whether to report them to authorities or not? Or is that ok to keep secret?