Members of Parliament (MPs) Mahua Moitra, Priyanka Chaturvedi, Asaduddin Owaisi, Sashi Tharoor, and Raghav Chadha took to social media to share an alert they received from Apple that state-sponsored (government-backed) attackers might be targeting their iPhones. The Wire reported that politicians Akhilesh Yadav and Sitaram Yechury also received similar alerts from Apple. All of these politicians belong to opposition parties.
Apart from the above, the following people also reportedly received an alert from Apple:
- Congress spokesperson Pawan Khera
- Congress spokesperson Supriya Shrinate
- Sriram Karri (Resident Editor, Deccan Chronicle)
- Siddharth Varadarajan (founding editor, The Wire)
- Samir Saran (President, Observer Research Foundation)
- Revathi Pogadadanda (Journalist)
- K.T. Rama Rao (TelanganaMLA and Minister)
We will continue to update this list as more people come out.
What are these threat notifications from Apple: In the aftermath of the Pegasus surveillance issue in 2021, where governments spied on their citizens by infecting their phones, Apple launched a new feature that alerts users when the company notices an activity consistent with a state-sponsored attack.
“These users are individually targeted because of who they are or what they do. Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent. State-sponsored attacks are highly complex, cost millions of dollars to develop and often have a short shelf life,” Apple explains in its support page.
Why it should not be dismissed as a false alarm: While there are chances that the Apple alert might be a false alarm (Apple itself includes this caveat), there is more reason to believe that it is not.
“Let me directly address the naysayers. Are these merely ‘false alarms’? Let’s consider the evidence:
Firstly, reports indicate that India has been a ground for deploying Pegasus spyware by NSO Group, an Israeli firm. In October, 2019, state attackers targeted activists, and in July, 2021 they extended their reach to public officials and journalists. The Union Government has not clearly denied these activities in the Supreme Court of India. Moreover, investigations by Amnesty, Citizen Lab, and notifications from WhatsApp corroborate its use, suggesting a pattern in India and a matching victim profile.
Secondly, Access Now and Citizen Lab last month have confirmed the validity of Apple’s threat notifications sent to Russian journalists, including Meduza’s publisher. These confirmations lend high credibility to such notifications.
Thirdly, Financial Times disclosed in March that India is seeking new spyware contracts starting at approximately $16 million and potentially escalating to $120 million in the next few years. These contracts involve companies like the Intellexa Alliance, recently featured in a report called ‘The Predator Files’.
With imminent state assembly elections and the 2024 general elections not far off, the timing of these threat notifications is alarming. Public cynicism or judicial stupor should not preclude us from demanding an independent, transparent technical analysis and clear disclosures from the Government of India regarding its spyware purchases and deployments. This issue strikes at the heart of Indian democracy.” — Apar Gupta, Advocate and Founding Director, Internet Freedom Foundation (IFF)
Government response: India’s Minister for Electronics and Information Technology Ashwini Vaishnaw issued the following statement on X:
“We are concerned by the statements we have seen in media from some MPs as well as others about a notification received by them from Apple. The notification received by them as per media reports mentions about ‘state-sponsored attacks’ on their devices. However much of information by Apple on this issue seems vague and non-specific in nature. Apple states these notifications maybe based on information which is ‘incomplete or imperfect’. It also states that some Apple threat notifications maybe false alarms or some attacks are not detected.
Apple has also claimed that Apple IDs are securely encrypted on devices, making it extremely difficult to access or identify them without the user’s explicit permission. This encryption safeguards the user’s Apple ID and ensures that it remains private and protected.
The Government of Bharat takes its role of protecting the privacy and security of all citizens very seriously and will investigate to get to the bottom of these notifications.
In light of such information and widespread speculation, we have also asked Apple to join the investigation with real, accurate information on the alleged state sponsored attacks.”
Vaishnaw also addressed a press briefing on the issue:
#WATCH | On Apple's 'state-sponsored attack' message to some Opposition members, Union Minister for Communications, Electronics & Information Technology Ashwini Vaishnaw says, "The government is concerned about this issue and it will go to the bottom of it. There are some… pic.twitter.com/32B3DYYheX
— ANI (@ANI) October 31, 2023
Note: The headline was updated to rectify a typographical error at 12:43 pm on Oct 31, 2023. Comments from IT Minister Ashwini Vaishnaw was added at 3:20 pm on Oct 31, 2023.
STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!
- Pegasus Spyware: All The Latest Facts On Who Was Targeted, The Modus Operandi, And More
- Supreme Court Opens Sealed Cover Pegasus Report: Only 5 Out Of 29 Phones Infected With ‘Malware’
- How Pegasus Surveillance Changed Rupesh Kumar Singh And Ipsa Shatakshi’s Lives
- A Guide To The NSO Group’s Pegasus Spyware In India