VentureBeat presents: AI Unleashed - An exclusive executive event for enterprise data leaders. Network and learn with industry peers. Learn More

Immue, an Israel-based cybersecurity company providing holistic anti-bot and anti-fraud defense solutions, claims it’s found concerning vulnerabilities in one of Apple’s latest privacy features — the iCloud Private Relay. While helping organizations across multiple industries stop cyber fraud and bot attacks targeted at their companies, Immue said it detected many of these attacks coming from internet protocols (IPs) associated with Apple and their two supporting Akamai and Cloudflare servers. 

In an exclusive interview with VentureBeat at the ongoing CyberWeek Tel Aviv, cofounders Amit Yossi Siva Levi (CTO) and Shira Itzhaki (CEO) confirmed that threat actors take advantage of the anonymity and web browsing privacy features of Apple’s technology to mask their IPs and launch multiple untraceable attacks.

How Apple’s private relay works

In June of 2021, Apple hosted its annual Worldwide Developers Conference to showcase its latest technologies. Among the technologies launched, the most significant and controversial was the private relay technology which would form part of the iCloud+ subscription. With this service, users on iOS 15, iPadOS 15 and macOS Monterey can browse securely without worrying about having their browsing activities tracked and sold to the highest bidder.

By enabling this feature on an upgraded Apple device, users’ browsing activities on Safari are routed through two separate internet “relays” using a sophisticated multi-hop architecture. This rerouting guarantees that no single party — including Apple — can track the exact origin of the request, making it impossible for websites to create a detailed profile of users. Some experts have even called it “internet privacy on steroids.”


AI Unleashed

An exclusive invite-only evening of insights and networking, designed for senior enterprise executives overseeing data stacks and strategies.


Learn More

The exploitation

How private data is managed and shared has always been a concern for the average internet user. Mckinsey reports that internet users are becoming increasingly intentional about the kind of data they share online and with whom, as no industry reached a 50% trust rating. With multiple data breaches springing up globally, many providers and even the government have made efforts towards curbing the menace — so much so that Gartner predicts the personal data of over 75% of the global population will be protected by new privacy regulations by 2025.

The McKinsey report also revealed that these breaches have made users turn to tools that give them more control over their data and its privacy — like the private relay. However, in solving this problem, Apple has inadvertently created a leeway for cyberattackers to thrive.

In what Levi described as “a new kind of attack,” he explained that masking IP addresses with proxies, VPN or the Tor network to avoid IP-based detection (like rate limit or IP score) is the single most important rule in cyberattack. He added that in the last two months, Immue has seen attackers abuse Apple’s new feature to mask their IPs and send thousands of bots to attack their customers. These private relay IPs are also whitelisted by Apple, giving adversaries uninhibited access to any website. Immue reports the attackers used 192 different IPs to generate three attacks with a volume of up to 50,000 bot requests each time. 

Although Apple said the private relay technology was fitted with anti-fraud and anti-abuse systems like rate-limiting, single-use authentication tokens and consistent IP address per browsing session, it advised that fraud detection systems relying only on IP addresses should be updated to control the situation. 

Founded in January of 2021, Immue claims its offering is helping different organizations across multiple industries like travel, finance, ecommerce, cryptocurrency and more — to outwit the most experienced human fraudsters and undetectable bots. The company says it offers powerful anti-bot and anti-fraud defense in one holistic solution that mitigates the impact of cyberattacks on businesses.

Immue’s unique value proposition, according to its cofounders, is its ability to detect cyber threats that no one knows exist. The company does this by monitoring and gathering data about the latest fraud mechanisms, tools strategies and using that information to detect, prevent or stop cyberattacks before they even materialize.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.