Apple had warned several Indian Opposition parties' politicians of their iPhones becoming targets of state-sponsored attacks in late October.
Several top politicians and journalists received notifications from Apple stating that "Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID …."
As reported by TheWire, such political figures as Mahua Moitra (Trinamool Congress MP), Priyanka Chaturvedi (Shiv Sena UBT MP), Raghav Chadha (AAP MP), Shashi Tharoor (Congress MP), and Asaduddin Owaisi (AIMIM MP) were among the ones who received this notification.
The list also included Sitaram Yechury (CPI-M) general secretary and former MP), Pawan Khera (Congress spokesperson), and Akhilesh Yadav (Samajwadi Party president).
In addition to political figures, the warning was also directed at influential journalists, including Siddharth Varadarajan (founding editor, The Wire), Sriram Karri (resident editor, Deccan Chronicle), Samir Saran (president, Observer Research Foundation), Revathi (independent journalist), and Ravi Nair (journalist, OCCRP).
The scope of the warnings extended to individuals associated with the Congress MP Rahul Gandhi’s office, as well as regional leaders like Revanth Reddy (Congress MP), T S Singhdeo (Chhattisgarh deputy CM and Congress leader), and K T Rama Rao (Telangana minister and BRS leader).
Anand Mangnale (regional editor, South Asia, OCCRP) also featured among those who were alerted about the potential threats to their iPhones.
The email, titled 'ALERT: State-sponsored attackers may have been targeting your iPhone' went on to say, "These attackers were likely targeting you individually because of who you are or what you do. If your device had been compromised by a state-sponsored attacker, they might have been able to remotely access your sensitive data, communications, or even the camera and microphone… While it was possible this was a false alarm, please take this warning seriously."
While the language of Apple’s warning was identical to what the phone manufacturer had used in the past to alert victims of spyware around the world, the fact that at least five persons in India had received the same alert at the same time (11.45 pm on October 30) suggested that those being targeted were part of an India-specific cluster.
Previously, Apple had advised users who received such alerts to activate the Lockdown mode, a security measure introduced in 2022, TechCrunch reported.
The feature is specifically designed to protect individuals, including journalists, politicians, attorneys, and human rights advocates, from potential intrusions by state-sponsored spyware.
The Lockdown mode implements several protective measures, including the reduction of link previews in messages, the minimisation of Safari functionality by deactivating features like just-in-time (JIT) compilers to prevent malicious JavaScript execution, the restriction of users from opening attachments, and the disabling of FaceTime calls from unfamiliar contacts.
Since the implementation of the threat notifications feature, Apple has issued alerts to individuals in nearly 150 countries, underscoring the global reach and impact of the potential security risks.
Shashi Tharoor, Congress MP, posted on X "Just received a threat notification from an Apple ID, threat-notifications@apple.com, which I have verified. Authenticity confirmed. Glad to keep underemployed officials busy at the expenses of taxpayers like me! Nothing more important to do?"
Priyanka Chaturvedi, Shiv Sena UBT MP, expressed her thoughts on the matter on X, stating, "Wonder who? Shame on you. Cc:@HMOIndia - for your kind attention."
Financial Times had in March reported that the Indian government had been seeking new spyware contracts. A spyware contract refers to an agreement or arrangement wherein a government or an entity contracts with a third-party vendor or developer to procure and deploy spyware for specific purposes.
Spyware is software designed to collect information from a computer system or network without the user's knowledge or consent. There has been no official statement or confirmation specifically attributing the responsibility for the recent episode from Indian government.
Apar Gupta, a senior data privacy activist, said that the timing of these notifications was alarming.
"Public cynicism or judicial stupor should not preclude us from demanding an independent, transparent technical analysis and clear disclosures from the Government of India regarding its spyware purchases and deployments. This issue strikes at the heart of Indian democracy," he had said in a post on X.
India’s IT Minister Ashwini Vaishnaw said the government is concerned about the matter and is investigating to find the truth. He also downplayed the allegations, saying the threat notifications received by them were "vague" and merely "estimations."
Comments