Access Now’s Digital Security Helpline and Apple threat notifications
This is a dedicated page that provides guidance for people who have questions regarding an end-user alert by Apple that informs its customers about possible attacks aiming to compromise their devices, which may include the use of spyware.
Managed by Access Now, this page is not affiliated with Apple.
1. WHAT IS ACCESS NOW’S DIGITAL SECURITY HELPLINE?
Our Digital Security Helpline is a dedicated team providing direct technical assistance and support to civil society groups and human rights defenders around the world. This includes forensic analysis of malware targeting civil society and uncovering abuses of surveillance technology around the globe.
2. WHAT ARE APPLE THREAT NOTIFICATIONS?
According to Apple, threat notifications inform and assist people using devices that may have been targeted by mercenary spyware attacks. Apple sends such notifications by email and iMessage to the registered addresses and phone numbers across all devices associated with a person’s Apple Account. The notification is also displayed at the top of the page after the person has signed in to account.apple.com.
The language in Apple’s notifications does not indicate what attacker or technology the company detected, which requires additional analysis. However, even in situations where it may be possible to identify the specific spyware used (e.g. NSO Group’s Pegasus), it can be challenging to attribute the infection to a specific governmental operator, as spyware manufacturers purposefully design spyware to obfuscate the origin of the technology and frustrate attribution.
3. WHAT IS THE ROLE OF ACCESS NOW IN APPLE’S THREAT NOTIFICATIONS?
Access Now plays no role in identifying or sending out Apple’s threat notifications. While Apple points to our Helpline as a resource to ensure targeted members of civil society can ask for support, Access Now has no additional information about Apple’s notifications, which are sent out exclusively by Apple’s Security Engineering & Architecture Team.
4. WHAT TO DO IF YOU RECEIVED A THREAT NOTIFICATION FROM APPLE?
If you have received a threat notification from Apple, we recommend that you take the following safety measures:
1. Ensure your device’s operating system is up-to-date. You can find instructions here.
2. Follow the guidelines provided by Apple, including instructions to set up Lockdown Mode, which you can review here.
3. Do not erase your device, as doing so will not necessarily prevent new infections. Instead, make a backup of the affected device to preserve potential evidence of the phone being targeted. You can find instructions here.
5. WHO CAN THE DIGITAL SECURITY HELPLINE SUPPORT?
Our Helpline is focused on supporting people and communities at risk. As such, it can only assist members of civil society, which includes independent journalists, bloggers, activists, and human rights defenders.
You can check our mandate and additional considerations regarding our support by reviewing the Helpline’s Terms of Service. If you are not part of civil society, we unfortunately do not have the capacity to support you. We encourage you to review and follow Apple’s guidance or contact other specialists.
6. WHAT CAN THE DIGITAL SECURITY HELPLINE DO FOR YOU?
We understand the sense of urgency you may be experiencing after getting a threat notification from Apple. Be aware that the notifications are often related to attempts to access your device made some months before the notification. In order to better understand what actually happened to your device, a forensic investigation is necessary.
You can contact us at h[email protected]
Please be mindful that the process of vetting new beneficiaries and the analysis itself can take some time.