SecureMac, Inc.

Checklist 350: Spyware and Celebrities

November 2, 2023

Apple alerting about potential spyware, and how McAfee’s 2023 Hacker Celebrity Hot List reveals the exploitation of celebrity names for cybercriminal purposes.

The Checklist logo, episode 350: Spyware and Celebrities banner

Checklist 350: Spyware and Celebrities

Apple’s Latest Updates Unveiled: Developer Betas of iOS 17.2 and More, Introducing Key Security Features

Last week, on The Checklist, significant attention was directed toward unveiling new features and security enhancements in the latest updates for iOS and iPadOS 17.1, macOS Sonoma 14.1, watchOS 10.1, and tvOS 17.1. However, in a surprise move, Apple swiftly rolled out the first developer betas for its upcoming iterations: iOS and iPadOS 17.2, macOS Sonoma 14.2, watchOS 10.2, and tvOS 17.2.

Moreover, some of these betas are accessible to public testers, indicating that certain users may already be exploring these pre-release updates.

Key Highlights of iOS 17.2: New Features and Enhanced Security

The forthcoming iOS 17.2 promises a plethora of new features. As reported by MacRumors, these include the introduction of a Journal app for recording daily activities, using Apple’s optional prompts for inspiration, and the integration of stickers as Tapbacks in Messages. Additionally, Collaborative Playlists in Apple Music and the option to make Translate accessible via the Action Button on Pro iPhones are expected.

However, a major talking point is the introduction of iMessage Contact Key Verification. Initially designed for individuals confronting “extraordinary digital threats,” such as journalists, human rights activists, and government officials, this feature raises questions about its broader application and significance.

iMessage Contact Key Verification – A Game-Changer in Privacy Protection?

Defined as a security feature intended to safeguard communications, particularly for high-risk individuals targeted by sophisticated spying programs like Pegasus, iMessage Contact Key Verification aims to ensure the privacy of iMessage users. This, however, might extend beyond just high-profile targets.

9to5Mac asserts that despite iMessage’s end-to-end encryption, a potential vulnerability exists due to the Apple server’s ability to authorize additional devices for message decryption. In a scenario where this server is compromised, unauthorized devices could intercept and decrypt messages.

The Larger Implications: Pushback Against Surveillance

This security measure seemingly aligns with the stance taken against governmental surveillance proposals, like the “ghost proposal” introduced by the UK’s Government Communications Headquarters (GCHQ). This proposal suggested that service providers could clandestinely join group chats or calls without users’ awareness, effectively becoming silent eavesdroppers.

The Contact Key Verification feature, set to be integrated into iOS 17.2, serves as a countermeasure, enabling iMessage users to verify individual devices participating in chats. This step could render the ghost proposal impractical and serves as a warning to surveillance attempts, protecting the privacy of all users.

In essence, the introduction of Contact Key Verification signifies Apple’s move to dissuade government spy agencies from attempting unauthorized access, ultimately serving to protect the privacy and security of all iMessage users. This represents a significant step in ensuring the confidentiality of communications, offering a potential solution to broader privacy concerns in an increasingly surveilled digital landscape.

Apple Alerts Indian Opposition Figures of State-Sponsored iPhone Spy Attacks

In a recent report by TechCrunch, Apple disclosed a cautionary message to several Indian politicians and journalists, stating that their iPhones were targeted by state-sponsored attacks. The Cupertino-based tech giant revealed the targeting of over a half dozen Indian lawmakers from Prime Minister Narendra Modi’s main opposition party. These warnings surfaced just ahead of the upcoming general elections.

Apple confirmed the incidents but refrained from naming the specific state behind the spying activities. The company cited the sophisticated nature of state-sponsored attacks, emphasizing the difficulty in detecting such threats accurately. The potential false alarms and the complexity of identifying attacks were highlighted, indicating the imperfections in threat intelligence signals.

The Indian capital has faced allegations of utilizing spyware such as Pegasus on activists and opposition leaders for an extended period. Speculation around Prime Minister Modi’s administration being behind these attacks arose due to historical instances. However, the possibility of other nations benefiting from Indian instability cannot be dismissed.

Apar Gupta, a senior privacy activist, urged for transparent disclosures and independent technical analysis from the Government of India regarding their spyware purchases and usage, emphasizing the threat these incidents pose to Indian democracy.

The Indian government, while expressing concern and commitment to investigating the matter, downplayed the allegations as vague estimations, according to India’s IT Minister, creating a sense of skepticism regarding the severity of the situation.

The precarious position for Apple lies in its plans to expand its business in India, relying on the current administration’s support. This revelation puts the tech giant in a delicate situation, warning the opposition figures in a country crucial for Apple’s growth about potential espionage attempts by powerful entities.

This development highlights the intricate challenges faced by one of the world’s most valuable companies in navigating complex geopolitical landscapes while striving for business expansion and cybersecurity.

McAfee Reveals 2023 Hacker Celebrity Hot List Exposing Cybersecurity Risks Involving Top Stars

McAfee’s latest report highlights the top ten celebrities most frequently used by cybercriminals to lure unsuspecting individuals into identity theft and malware traps. The list includes notable figures such as Ryan Gosling, Emily Blunt, Jennifer Lopez, and others, utilized as clickbait for malicious purposes.

Primarily, hackers exploit these celebrity names, often in combination with terms like “free movie,” “free download,” and “lyrics,” directing users to sketchy websites aiming to extract personal information or infect devices with malware, including spyware or ransomware.

The prevalence of deepfakes adds another layer of risk, with 25 to 135 deepfake URLs discovered per celebrity search, potentially leading to deceptive disinformation.

McAfee’s recommendations to safeguard against such threats include relying on trusted outlets, avoiding suspicious websites, refraining from engaging with free movie downloads or music from illegitimate sources, and being cautious with personal information requests to prevent falling victim to phishing tactics.

Surprisingly, figures like Ryan Gosling, Emily Blunt, Jennifer Lopez, and others dominate the top ten list, raising questions about their presence in this context. McAfee’s report underscores the importance of awareness and vigilance to navigate the digital landscape without compromising personal security.

Get the latest security news and deals