When an 82-year-old Kentucky woman was offered $26 million from an AI company that wanted to build a data center on her land, she said no. Sure, that same company can try to rezone 2,000 acres nearby anyway, but as AI infrastructure stretches further into the real world, the real world is starting to push back. 

That tension is everywhere this week, from OpenAI shutting down its Sora app to courts finally starting to hold social platforms like Meta accountable. On this episode of TechCrunch’s Equity podcast, Kirsten Korosec, Anthony Ha, and Sean O’Kane dig into what it looks like when the AI hype cycle meets reality. 

Subscribe to Equity on YouTube, Apple Podcasts, Overcast, Spotify and all the casts. You also can follow Equity on X and Threads, at @EquityPod. 

Almost four years after launching a security feature called Lockdown Mode, Apple says it has yet to see a case where someone’s device was hacked with these additional security protections switched on. 

“We are not aware of any successful mercenary spyware attacks against a Lockdown Mode-enabled Apple device,” Apple spokesperson Sarah O’Rourke told TechCrunch on Friday.

It’s the tech giant’s most recent affirmation that Apple devices with Lockdown Mode can withstand government spyware attacks, after first making the claim a year after the security feature’s debut.

Apple in 2022 announced Lockdown Mode, an opt-in series of security protections that switches off certain features in iPhones and other Apple devices that are commonly exploited to hack targets with spyware. Apple specifically released this security mode to help at-risk customers defend themselves from the threats posed by government spyware made by companies like Intellexa, NSO Group, and Paragon Solutions.

In recent years, Apple has conceded that its customers can be hacked by spyware and has been more proactive about notifying customers who have been targeted.

Apple has sent numerous batches of notifications to users in over 150 countries, alerting them that they may have been hacked with spyware, which shows how much visibility the company now has on these types of attacks. Apple has never said how many users it has notified, but it’s likely fair to assume there have been dozens, if not more.

Donncha Ó Cearbhaill, the head of the security lab at Amnesty International, where he has investigated dozens of spyware attacks, said that he and his colleagues “have not seen any evidence of an iPhone being successfully compromised by mercenary spyware where Lockdown Mode was enabled at the time of the attack.”

Digital rights organizations like Amnesty International and the University of Toronto’s Citizen Lab have documented several successful attacks on iPhone users, none of which have mentioned a bypass of Lockdown Mode. In at least two cases, Citizen Lab researchers publicly said they had seen Lockdown Mode actively block spyware attacks, one carried out with NSO’s Pegasus, the other with Predator spyware, made by a company now part of Intellexa.

In at least one documented case of a spyware attack targeting iPhones, security researchers at Google said the spyware would bail out of trying to infect the victim if it detects Lockdown Mode, likely as a way to evade detection.

Patrick Wardle, an Apple cybersecurity expert and critic, says that Lockdown Mode is an important feature that makes it more difficult for spyware makers to attack Apple users.

“I think it’s safe to say, Lockdown Mode is one of the most aggressive consumer-facing hardening features ever shipped,” he told TechCrunch. 

Wardle explained that by “shrinking the attack surface,” Lockdown Mode eliminates many techniques normally used to exploit the iPhone, and forces spyware makers to use more complex and expensive techniques to develop.

“It kills entire delivery mechanisms/exploit classes,” he added, “as it blocks most message attachment types, restricts WebKit features. This is really a huge reduction in remotely reachable attack surface, especially for zero-click exploit chains,” referring to hacks that can target people over the internet without any interaction from the victim.

It’s possible that Lockdown Mode has been bypassed, and neither Apple nor independent investigators have caught the attack. But given that Apple is typically publicly tight-lipped at the best of times, its latest statement marks a significant milestone for Lockdown Mode.

I have used Lockdown Mode for years, and I barely think about it — except when it pops up notifications that can be occasionally confusing. Some features that have been switched off require you to take an extra step, such as copying and pasting links from text messages to your browser. That’s why I, and several digital security experts, recommend anyone worried about being targeted by spyware or digital attacks to switch on Lockdown Mode.

A hacking group backed by the Iranian government dubbed “Handala” said on Friday that it has breached the personal email account of FBI director Kash Patel. 

In a post on its website, Handala included several pictures of a visibly younger Patel, as well as a link to a cache of files that appear to come from Patel’s personal Gmail account. 

“The FBI is aware of malicious actors targeting Director Patel’s personal email information, and we have taken all necessary steps to mitigate potential risks associated with this activity,” a spokesperson for the FBI told TechCrunch in a statement. “The information in question is historical in nature and involves no government information.”

The FBI said it was also offering up to $10 million in rewards for information relating to the Handala hackers.

TechCrunch confirmed that at least some of the emails leaked by Handala were from Patel’s alleged Gmail account by verifying information contained within the message headers. These message headers contain information from the sender that helps email delivery systems confirm that an email is genuine and not a spoof.

We used a tool to verify several emails in the leaked cache of files that were sent by Patel from his Gmail account. These emails contained cryptographic signatures that matched the messages, which strongly suggests that the emails we checked are authentic. In some cases, Patel appears to have sent emails from his former Justice Department email address in 2014 to his Gmail account. TechCrunch found that the emails sent from Patel’s DOJ account also appeared to be authentic.

The files in the leaked cache appear to date up to about 2019.

The Justice Department did not immediately respond to a request for comment.

Reuters, which first reported the email leaks, said a Justice Department official confirmed the breach. 

TechCrunch sent messages seeking confirmation to Patel’s Gmail email address revealed by the hackers, as well as a text message to a cellphone number contained in a resume allegedly belonging to Patel. We did not immediately hear back.

Since the U.S.-Israeli war against Iran started in February, Iran-linked Handala has ramped up its hacks, most notably claiming responsibility for a destructive attack against medical tech giant Stryker that wiped tens of thousands of employee devices. The hackers have also published the personal details of several people who are allegedly part of the Israeli Defense Forces and local defense contractors.

Following the Stryker hack, the FBI seized a handful of Handala websites, which quickly came back online on new domains. U.S. prosecutors have formally accused the Iranian ministry of intelligence and security (MOIS) of operating the Handala group. 

The hackers did not respond to TechCrunch’s request for comment sent to a chat account that the hackers publicize on their website, as well as an email address owned by the group that was published by the Justice Department.

Updated to include a statement from the FBI, and corrected the fourth paragraph to note that the emails were sent from Patel’s DOJ email address, and not his FBI email address. ZW.