Global tech major Apple was expected to be busy with new product launches and news on latest innovation coming out of its ‘Scary Fast Event 2023’ today. But in India, the company was found in the middle of an unravelling political controversy that brought its security system under the spotlight.
Several political leaders belonging to Opposition parties, and other public figures, took to social media on Tuesday morning to suggest that they have been victims of a ‘state-sponsored attack’ on their Apple devices.
Widespread concerns were caused as a result of Apple sending ‘threat notifications’ to some prominent faces in India via SMS and email, indicating that their iPhone headsets, and sensitive information stored in them, is under attack by threat actors associated with government authorities.
“Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID,” the threat notification read. This was seen as a political attack on Opposition leaders with many uploading screenshots of Apple’s threat alert message on their social media platforms and alleging that the central government might have something to do with suspected snooping activity.
Who Were The Targets In The ‘Threat Alert’ Saga?
Prominent Opposition parliamentarians who received a threat notification from Apple include Mahua Moitra of Trinamool Congress, Shashi Tharoor of Indian National Congress, Priyanka Chaturvedi of Shiv Sena UBT, Asaduddin Owaisi of AIMIM and Raghav Chadha of Aam Aadmi Party.
Besides these MPs, other political leaders like Chhattisgarh deputy chief minister T.S. Singhdeo, Telangana chief minister K. Chandrashekar Rao, Congress spokespersons Pawan Khera and Supriya Shrinate, CPIM general secretary Sitaram Yechury and Samajwadi party president Akhilesh Yadav also received alert message from Apple cautioning them of attacks from state-sponsored actors.
Other than politicians, journalists like Sriram Karri of Deccan Chronicle, Siddharth Varadarajan of The Wire and Hyderabad-based Revathy also received similar threat notifications. Samir Saran, president of research institute ORF, also shared screenshot on social media showing the alert message sent by Apple.
Union minister Rajeev Chandrasekhar claimed that the alerts were not just issued to people from Opposition parties and said that Commerce minister Piyush Goyal also received a threat notification from Apple earlier in the day.
When Are Threat Notifications Issued By Apple?
Following the uproar caused by these threat alerts, Apple issued a single-line statement on the matter: “Apple does not attribute the threat notifications to any specific state-sponsored attacker”. Although Apple clarified that, at times, these notifications could be false alarms, the company cautioned users to take the alerts very seriously.
The tech major also shared snippets from its support page on threat notifications which said that Apple is unable to share information on what causes the issual of such notifications in the first place because that could result in state-sponsored attackers bypassing their detection process in the future.
Apple issues distinct alerts for attacks suspected to be state sponsored because state actors have a lot of resources at their disposal which makes prevention of malware attacks from their end very difficult. Such attacks are more complicated than the ones carried out by regular cybercriminals.
The threat notification system was launched in November 2021 and since then, such alerts have been issued to users in 150 countries across the world. Notably, this is not the first time that Apple users in India have received threat notifications warning of attack by state-sponsored actors in 2023. In August, A. Murali, a retired IAS officer from Telangana had reported receiving such alerts on his iPhone.
The former civil servant attributed the attack to the state government of BRS and the central government of BJP back then, since he claims to be equally critical of both. He’d also mentioned that other civil socirty faces in Telangana got similar alerts from Apple. However, in terms of scale, the recent spate of alerts issued to parliamentarians and other prominent Opposition figures is much more concerning than the alerts received by certain people in Telangana earlier.
Union Government’s Response
Following the uproar from Opposition parties, the BJP-led central government launched a formal investigation into the matter. Cert-IN, the cybersecurity investigation unit under the Ministry of Electronics and IT, will head the investigation. “We request each and every person who has received the advisory [threat alert] to please cooperate with the investigation and make sure that we go to the depth of the matter,” Union IT Minister Ashwini Vaishnaw said.
However, the IT Minister dismissed the concerns raised by Opposition leaders as “distraction politics”. Some politicians from Opposition partiesition parties had claimed that the Centre is snooping on them in the run-up to the 2024 General Elections. The minister also placed the onus on Apple to share more information on how the threat alerts were issued.
“It’s very clear that Apple has no clear information on the matter. They [Apple] issued alerts to people based on estimates and it’s hypothetical. It’s vague and as you know Apple claims that its encryption system cannot be hacked,” Vaishnaw told reporters.
Concerns Over Malware As Political Tool
State-sponsored technological threats could have grave consequences in a country where accusations around the government’s use of Pegasus spyware still persist. Pegasus, a spyware developed by Israel-based NSO Group, was deployed against journalists, activists and political leaders in India from 2019 onwards.
A technical committee appointed by the Supreme Court to look into Pegasus snooping scandal submitted its findings to the top court last year, but it remains under seal and is not available to the general public.
Earlier this year, Financial Times also reported that the Indian government is looking to buy spyware for a price upto $120 million in the coming years. Under such a scenario, the concerns raised by Apple’s threat alerts issued to Opposition political leaders are significant in nature.
