Researchers uncover possible iPhone spyware campaign inside U.S.
Researchers published new findings that they fear could be the first evidence of an active spyware campaign targeting iPhones in the U.S. and the European Union.
Why it matters: iPhones tied to people in an EU member state's government, U.S. political campaign, media organizations and an AI company could have all been targeted as part of this operation, according to the report from mobile research company iVerify.
Zoom in: iVerify released a report indicating that the hackers may have targeted six iPhones through the "Nickname" feature in iOS, which sends a notification whenever someone's iCloud photo or name changes.
Three of the phones showed unusual crashes that iVerify considers potential signs of tampering.
In one case, a "high-value target in an EU member state" received a threat notification from Apple about a month after such a crash occurred on their device, iVerify COO Rocky Cole told Axios.
Yes, but: Apple has fixed the flaw — which was present in iOS versions through 18.1.1 — but disputes that it was ever used to hack devices.
"We've thoroughly analyzed the information provided by iVerify, and strongly disagree with the claims of a targeted attack against our users," Ivan Krstić, head of Apple Security Engineering and Architecture, said in a statement.
Apple confirmed the underlying Nickname bug but said its own field data from iPhones points to it being a "conventional software bug that we identified and fixed in iOS 18.3," Krstić added.
"iVerify has not responded with meaningful technical evidence supporting their claims, and we are not currently aware of any credible indication that the bug points to an exploitation attempt or active attack," he said. "We are constantly working to stay ahead of new and emerging threats, and will continue to work tirelessly to protect our users."
The intrigue: iVerify has not identified who was behind the activity. But the known potential targets had previously been surveilled or hacked by Chinese state-linked groups, Cole said.
What to watch: iVerify is sharing its findings publicly after consulting with several large tech firms and four EU government entities, and the company hopes its findings will encourage more security researchers to investigate the campaign further.
"It is a body of circumstantial evidence that is difficult to ignore," Cole said. "For that reason, it merits a public conversation."
The bottom line: iVerify recommends that high-risk users keep their phones updated and turn on Apple's Lockdown Mode, which is designed to guard against spyware. Cole said that it's likely that Lockdown Mode could have prevented these potential infections.