Predator Spyware Defeats Apple Privacy Dots on iPhones

A sophisticated spyware tool known as Predator has been found bypassing one of the iPhone’s most trusted privacy features — the small orange and green dots that appear when your microphone or camera are in use.

Apple introduced these indicators in iOS 14. A green dot means the camera is active, while an orange dot signals the microphone is being used. The feature was designed to reassure users that they would always know when their device was recording.

But new research from Jamf shows Predator can prevent those dots from appearing, while secretly capturing audio or video.

Fig 1. The green or orange dot working correctly.

How the spyware hides

Predator is developed by Intellexa, a surveillance firm that has previously been linked to targeted spyware campaigns. Unlike common malware, Predator does not infect devices randomly. It is typically used in highly targeted attacks.

Once installed with high-level system access, Predator interferes with the part of iOS responsible for displaying recording alerts. Specifically, it injects code into “SpringBoard,” the core system process that controls the iPhone’s home screen and status bar.

By intercepting sensor activity before it reaches the screen, the spyware blocks both the green camera dot and the orange microphone dot at the same time. To the user, everything appears normal — even though recording may be happening in the background.

Researchers say Predator doesn’t simulate shutting down the device (a technique commonly used by hackers) or create obvious signs of malfunction. Instead, the iPhone continues operating as usual, making the surveillance far more difficult to detect.

No new iPhone flaw — but still concerning

Importantly, researchers stress that this is not a newly discovered vulnerability in iOS. Predator still requires a successful compromise first, often through previously exploited security flaws or advanced attack methods.

In other words, the spyware does not magically infect phones on its own. However, once attackers gain control, they can manipulate system processes to suppress privacy warnings.

The findings highlight how advanced commercial spyware has evolved. Rather than attacking obvious weaknesses, it focuses on quietly disabling protections users rely on for reassurance.

What iPhone users should watch for

For everyday users, the risk remains low unless you are specifically targeted. Still, there are warning signs that may indicate a problem.

These can include unusual overheating, rapid battery drain, sudden performance slowdowns, or unfamiliar apps appearing on your device. While none of these guarantee spyware, they can signal that something is wrong.

Restarting an iPhone can temporarily disrupt some types of spyware, but researchers warn that sophisticated tools may reinstall themselves if the original attack method remains active.

While the orange and green dots remain an important privacy feature, this research is a reminder that no single safeguard is foolproof. Keeping iOS updated, enabling Lockdown Mode if you are at higher risk, and practicing caution with suspicious links and messages remain some of the strongest defenses available.