Source: https://mobile.twitter.com/e_wrzosek/status/1463551631648251...
Other companies should take note. More of this, please!
I received an imminent advanced security threat notification back in January 2019, urging me to get one of those 2FA dongles (which I did). And just as well, because the next month my account was locked due to an attempted unauthorized access.
(whoever works on this at Google, thank you)
(I agree that it's great that Apple is finally doing this. But it seems entirely par for the course for them to be a decade late and still get the credit.)
It seems like Apple now have introduced ‘honey pots’ and other techniques to discover if there already is someone with access to your account/device, and that is a big deal and good news. And something I have never seen from any of the other big companies.
Warrant canary [0] comes to mind, but that is usually a message to all users, as opposed to notifying an individual user.
You mean apart from basically every other mainstream tech company? [1] [2] [3]
[1] https://www.washingtonpost.com/business/economy/google-to-al...
[2] https://www.wired.com/2015/10/facebook-now-warns-users-of-st...
[3] https://threatpost.com/twitter-warns-some-users-of-nation-st...
Would a smaller company stand a chance against very much any state? If men in suits took a CEO of a big company for "a talk" in the forest there would be a lot of fuss in the media, whereas a small company would probably be scared to bits and never say a word.
Keep in mind this will only work for non-court-gag-ordered instances. If the US subpoenas Apple about an individual they won't be allowed to notify them.
I have no idea how this applies to other countries.
I think this is more like: "We noticed unusual API usage and we don't have a gag order so whatever it is, it's not likely to be good"
Apple doesn’t need to know the source of the attack to issue the warning, and if the attacker is competent Apple likely wouldn’t know the source, such that a gag would not apply.
I don't see how Google could have been aware that this was happening, although they certainly could have known it was theoretically possible.
For example, when China demanded that iCloud for Chinese users was handed over to GCBD[0], and Apple complied, it was not, in any way, something that would be accurately described as an "attack". Apple cooperated with the demands that the legal environment presented.
[0] https://www.apple.com/legal/internet-services/icloud/en/gcbd...
To me that warrants retaliation; in my opinion, it would be a case for self-defense. For example isolating the trojan in a honey-pot OS and delivering it to foreign actors cybersecurity research labs. Just make it unfeasible to support such software and it will stop. My country (Germany) sadly is prone to ignore civil liberties. There were home searches because someone called some minister a penis on Twitter and there were other severe transgressions. Since the law doesn't protect against them anymore, the state has proved that it is not capable of responsible conduct with software that relies on zero-day exploits which endanger every computer system.
Glad that companies with real security expertise pick up the slack here, although they shouldn't have to do that.
Like it or not, if they go against three-letter agencies in the US, high-ranked Apple employees will spend years in jail based on the rulings of secret courts where all of your rights are irrelevant. The moment the CIA says the word "terrorism", all your rights are gone regardless of how wrong the investigators might be. They can literally declare you guilty without you even knowing you were accused of anything because according to them, national security is more important than the constitution.
They are on the same level as the CCP.
This is a warning that someone is trying to gain unauthorized access to your account. If the US government wants access it probably has better methods than brute force, such as ordering Apple to hand over your stuff.
I see no reason to think Apple will want to stay silent about an attacker trying to hack a user's account just because they might stay silent about warrants with gag orders.
When we're talking CIA, you can't get your way out of it with a better lawyer or by paying a fine. It's a decade of jail waiting for you if you don't bend over and give them exactly what they want. You have no constitutional rights when it comes to national security. They are legally allowed to kill US citizens without having to get court approval if they think they are a threat to the nation.
In which case, NSO f!@#ed up and left iCloud Messages Backup enabled, which stores unencrypted copies of the End-to-End messages and makes it trivial for Apple to alert any person that these accounts messaged to. That's one possibility.
They admit themselves that these attacks are not easy to detect.
It is not possible to disable all telemetry entirely.
I am really interested in understanding more about a "state-sponsored attack" as someone who works in Ops and has experience in CyberSec. All these years working in the industry and I had no idea you could identify an "attack" that easily.
> Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent.
> State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected.
Identifying the source of these attacks is often done by analyzing the tools and techniques, in comparison to other known tools and methods, and/or by information gathered in meat space.
If the complaint is that attribution is sometimes sketchy, so? Sometimes it isn't.
Before Apple sends a notification, do they cross reference any existing warrants they received and make sure they don’t notify the customer that the US tried to hack their account, or iPhone, or requested their info?
Or are we to assume that Apple only means non-USA based attacks?
Or is the US gov going ape shit right now that all their targets they've been infiltrating are going to get notified of that fact?
Or are we to assume anything FISA related means Apple happily and willingly hands over the data and really isn’t a hack attempt?
Contains the canary: “To date, Apple has not received any orders for bulk data.”
From a more philosophical point of view - expecting a large corporation to go mano a mano on your behalf, against a major state security organization...that's right up there with expecting Santa Claus to punish all the evil spies for being naughty.
This is again another attempt at owning the device or your customer, like that CSAM backdoor wasn’t enough, now they have AI monitoring accounts, connections, etc out of each device.
What a joke
Edit : silly me, US doesn’t need that, they can simply ask for the data..