Apple threat notifications: Vaishnaw says Govt will probe, asks company to supply ‘real, accurate’ information

“The Government of Bharat takes its role of protecting the privacy and security of all citizens very seriously and will investigate to get to the bottom of these notifications. In light of such information and widespread speculation, we have also asked Apple to join the investigation with real, accurate information on the alleged state sponsored attacks,” Vaishnaw said in a series of posts on X (formerly Twitter).

#WATCH | On multiple opposition leaders allege ‘hacking’ of their Apple devices, Union Minister for Communications, Electronics & IT Ashwini Vaishnaw says “From the mail sent by from Apple, it can be understood that they have no clear information, they have sent alerts on the… pic.twitter.com/hSxOJicbwV

— ANI (@ANI) October 31, 2023

Among the individuals who took to X to say they have received such notifications include politicians across the spectrum such as Mahua Moitra, Shashi Tharoor, Pawan Khera, Asaduddin Owaisi, Sitaram Yechury, Raghav Chadha, Supriya Shrinate, Priyanka Chaturvedi, Revanth Reddy, and T S Singhdeo.

A few journalists, including The Wire’s Siddharth Varadarajan and Organized Crime and Corruption Reporting Project’s Ravi Nair and Anand Mangnale, and Observer Research Foundation president Samir Saran also said they received similar alerts from Apple.

Vaishnaw said much of the information provided by Apple on the issue seems “vague and non-specific in nature”, and urged the iPhone maker to join the probe with more accurate information about the alleged spyware attack.

“Apple states these notifications may be based on information which is ‘incomplete or imperfect’. It also states that some Apple threat notifications maybe false alarms or some attacks are not detected. Apple has also claimed that Apple IDs are securely encrypted on devices, making it extremely difficult to access or identify them without the user’s explicit permission. This encryption safeguards the user’s Apple ID and ensures that it remains private and protected,” Vaishnaw said.

As per screenshots shared by many in the list, the notification from Apple said, “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID. These attackers are likely targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone.”

“While it’s possible this is a false alarm, please take this warning seriously,” it added.

What Apple says about such threat notifications

According to Apple, the threat notifications are designed to “inform and assist” users who may have been targeted by state-sponsored attackers.

“If Apple discovers activity consistent with a state-sponsored attack, we will notify the targeted users in two ways: A Threat Notification will be displayed at the top of the page after the user has signed in to appleid.apple.com. Apple will send an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID. These notifications will provide additional steps that notified users can take to help protect their devices, including enabling Lockdown Mode,” Apple says on its website.

According to the company, detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete, and it is possible that some threat notifications may be false alarms, or that some attacks are not detected. It said that it cannot provide information about what leads to such threat notifications being issued, as it could help “state-sponsored attackers adapt their behaviour to evade detection in the future”.

“State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time,” Apple said.

Credible threat

Internet Freedom Foundation’s founding director Apar Gupta termed the timing of these threat notifications as “alarming”, given the impending Assembly elections in five states and the 2024 Lok Sabha polls. “Public cynicism or judicial stupor should not preclude us from demanding an independent, transparent technical analysis and clear disclosures from the Government of India regarding its spyware purchases and deployments. This issue strikes at the heart of Indian democracy,” Gupta said in a post on X.

Gupta referred to reports of deployment of the Pegasus spyware of Israeli firm NSO Group in India over the past few years to target politicians, activists, public officials, and journalists, and a March report of the Financial Times (FT) which said that India was scouting for new spyware contracts for millions of dollars for the next few years, suggesting that the threat notifications should not be dismissed as false alarms.

“The Union Government has not clearly denied these activities (deployment of Pegasus) in the Supreme Court of India. Moreover, investigations by Amnesty, Citizen Lab, and notifications from WhatsApp corroborate its use, suggesting a pattern in India and a matching victim profile,” Gupta said

He added that recent confirmations of the validity of threat notifications sent to some Russian journalists by reputed organisations like Access Now and Citizen Lab “lend high credibility to such notifications”.

In 2021, Pegasus Project, an international investigative journalism initiative coordinated by Paris-based media non-profit Forbidden Stories, reported that the phones of a number of Indians, including some politicians, public officials, journalists, lawyers, and activists, among others, were infected by the Pegasus spyware. On its part, the NSO Group has consistently maintained it only sold Pegasus to governments.

The final report of a Supreme Court committee that investigated the use of Pegasus in India has not been made public yet. In August 2022, the apex court had said that the committee found no conclusive evidence of the use of Pegasus on 29 phones that it examined, while also noting that the Central government did not cooperate in the investigation.