Opposition leaders Shashi Tharoor, Priyanka Chaturvedi, Raghav Chadha, among others, said they received Apple’s alert saying their devices were being targeted by "state-sponsored attackers”
Following the controversy, Apple, in a vague statement, refused to offer any concrete details on how it flagged the recipients and declined to attribute the threat notifications to any specific state-sponsored attacker
Union IT Minister Ashwini Vaishnaw said that the government would probe the matter and directed Apple to join the investigation
Inc42 Daily Brief
Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy
Threat alerts issued by tech giant Apple to some iPhone users, cautioning them about “state-sponsored attackers attempting to compromise their iPhones remotely”, have stirred up a political storm in the country.
Opposition leaders, including Congress’ Shashi Tharoor, Shiv Sena’s (UBT faction) Priyanka Chaturvedi, AAP’s Raghav Chadha, Sitaram Yechury of Communist Party of India (Marxist), and Trinamool Congress’ Mahua Moitra, said on X (formerly Twitter) on Tuesday that they received the alert from the US-based company and accused the Centre of snooping on them.
“Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID. These attackers are likely targeting you individually because of who you are or what you do…,” a screenshot of the notification shared on the social media platform read.
In its message, Apple added that malicious attackers could remotely access sensitive data, communications as well as camera and microphone of the compromised iPhones. However, the message also noted that it is ‘possible’ that this could be a ‘false alarm’ but advised recipients to take the warning seriously.
Following this, the opposition took jabs at the Centre, using terms such as ‘Snoop Raj’ and ‘Peeping Toms’. Additionally, Moitra said she would write to Lok Sabha Speaker Om Birla, requesting him to summon the officials of the Ministry of Home Affairs (MHA) on this matter. She also urged the Parliament’s Committee of Privileges to address the issue.
Meanwhile, the Centre dismissed the allegations, with BJP leaders saying that the responsibility lies with Apple to provide clarification regarding the alerts. Former IT minister and BJP leader Ravi Shankar Prasad suggested that the opposition leaders should direct their concerns to Apple and file FIRs in the matter instead of making accusations against the Centre.
Apple’s Guarded Response
Following the controversy, Apple issued a vague statement which did not offer any concrete details on how it flagged the recipients. It refused to attribute the threat notifications to any specific state-sponsored attacker.
The company also didn’t respond to Inc42’s question asking if the threat notifications were only sent to persons associated with political parties.
In its statement, the Cupertino-based giant said it relies on “threat intelligence signals that are often imperfect and incomplete” to detect such attacks. Apple further said that some of these messages could be false alarms.
The company also refused to provide any further information on the patterns it uses to detect such attacks, saying offering such details would help attackers evade detection in the future.
“State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future,” Apple said.
Interestingly, the smartphone maker claims to have sent such threat notifications to its users in nearly 150 countries since the feature was enabled in late 2021.
What Is Apple’s State-Sponsored Attack Alert?
In simple words, Apple issues threat notifications to inform users who may have been targeted by state-sponsored actors. Essentially, these attackers are backed by countries and have plenty of funds, other resources, and sophisticated tools to compromise the devices of targeted individuals.
These state-sponsored attacks are distinct from the run-of-the-mill cyber attacks, and exploit publicly unknown vulnerabilities in devices or softwares. These threat notifications largely pertain to attacks that target individuals for their identity or activities.
While Apple uses certain patterns to evaluate if a person has been impacted by such costly and sophisticated attacks, the system has also been plagued by false threat notifications. When the company detects any such activity, it forwards a message to users via email and iMessage connected to the respective Apple ID.
Row Opens Pandora’s Box For Apple
As the opposition sharpened its attack on the Centre, Union IT Minister Ashwini Vaishnaw took to X to assuage opposition leaders and said the government will probe the matter. He also informed that the tech giant has been directed to join the investigation with ‘accurate information’ on the said state-sponsored attacks.
“The Government of Bharat takes its role of protecting the privacy and security of all citizens very seriously and will investigate to get to the bottom of these notifications… In light of such information and widespread speculation, we have also asked Apple to join the investigation with real, accurate information on the alleged state sponsored attacks,” Vaishnaw said.
The minister said that most of the information provided by Apple on the matter is ‘vague and non-specific in nature’. Citing Apple, he said the company claims the threat notifications may be based on ‘incomplete or imperfect’ information and that some of the messages may have been false alarms.
Chiming in, Minister of State (MoS) for IT Rajeev Chandrasekhar said the Centre is ‘committed and duty bound’ to protect privacy of its citizens, adding that the government will also investigate Apple’s claims of selling ‘secure and privacy compliant devices’.
The MoS said the Centre expects Apple to clarify if its devices are secure and why the threat notifications were sent to individuals in more than 150 countries.
Apple has largely steered clear of working with states to offer information into the inner working of its devices. On a previous occasion, it legally contested an FBI request to unlock the iPhone of one of the terrorists involved in the 2016 San Bernardino shooting.
It is not clear if the smartphone maker will cooperate with Indian authorities and to what extent. For now, the matter has taken a political shape as both Centre and opposition parties take public potshots at each other. Caught in between seems to be Apple which will now have to participate in a probe that will aim to divulge information about what prompted its system to issue threat notifications in the case of Indian opposition leaders.
It must also be noted that Apple is already the face of an antitrust probe in the country for alleged dominance in the app marketplace space. In addition, the tech major has also invited the ire of Indian authorities, on multiple occasions, for failure to comply with takedown orders.
{{#name}}{{name}}{{/name}}{{^name}}-{{/name}}
{{#description}}{{description}}...{{/description}}{{^description}}-{{/description}}
Note: We at Inc42 take our ethics very seriously. More information about it can be found here.