Several prominent Opposition leaders on Tuesday, 31 October, claimed that they have received a threat notification from Apple about state-sponsored attackers targeting their iPhones.
The following leaders from various states and political parties received the hacking threat alert:
Trinamool Congress (TMC) MP Mahua Moitra
Shiv Sena (UBT) MP Priyanka Chaturvedi
Congress MP Shashi Tharoor
Congress party spokesperson Pawan Khera
Communist Party of India (Marxist) chief Sitaram Yechury
Aam Aadmi Party (AAP) leader Raghav Chadha
All India Majlis-e-Ittehadul Muslimeen (AIMIM) chief Asaduddin Owaisi
Congress social media head Supriya Shrinate
Chhattisgarh Deputy Chief Minister TS Singhdeo
Telangana Information and Technology Minister KT Rama Rao (KTR)
Bahujan Samaj Party (Telangana) head Dr RS Praveen Kumar
Observer Research Foundation (ORF) head Samir Saran and several journalists like The Wire editor Siddharth Vardarajan and Deccan Chronicle editor Sriram Karri also received threat alerts.
The threat alert from Apple has reignited fears of devices being targeted by sophisticated spyware like Pegasus. Most of the 'targets' being vocal critics of the government and receiving the notifications around the same time has raised eyebrows.
In a statement to The Quint, the iPhone maker said, "Apple does not attribute the threat notifications to any specific state-sponsored attacker."
"Since enabling the Threat Notifications feature, Apple has sent Threat Notifications to individuals whose accounts are in nearly 150 countries," the statement added.
In 2021, India was rocked by a spyware scandal where it was reported that several activists, journalists, and politicians had been targeted by Israeli firm NSO’s Pegasus spyware that is only sold to nation-states.
While the Union government has been evasive in its response on the usage of Pegasus, organisations like Citizen Lab and Amnesty have found evidence of the sophisticated hacking software being deployed in India.
Apple Alerts Opposition Leaders of 'State-Sponsored Attack': Who's on the List?
1. What Does the Threat Notification Say Exactly?
"Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID [...]," read the alert received by Congress' Tharoor who said that he had verified the sender to be Apple.
Threat notification alert sent by Apple to CPI(M) head Sitaram Yechury.
(Photo Courtesy: Accessed by The Quint)
"These attackers are targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone."
Apple Threat Notification"While it's possible this is a false alarm, please take this warning seriously," it added.
"State-sponsored attackers are very well-funded and sophisticated, and their attacks are constantly evolving [...] Some state-sponsored attacks require no interaction from you, and others rely on tricking you into clicking a malicious link opening an attachment in an email, SMS, or other message," Apple said, as per the screenshots shared by Tharoor.
In the past, Apple devices have been found to be infected by Pegasus through zero-click attacks – a sophisticated, hacking technique that doesn't require the victim to click on any link. For example, Google's Project Zero team had found that Pegasus was successfully deployed to a victim's device by sending a GIF through iMessage.
Expand2. Does Apple Send These Alerts to Everyone?
Not everyone. The targets of State-sponsored attacks are "individually targeted because of who they are or what they do," Apple's blog post on threat notifications states.
"Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent," the blog reads.
"The vast majority of users will never be targeted by such attacks," it adds.
Expand3. What Are the Chances That This Is a False Alarm?
According to Apple, "It’s possible that some threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future."
However, Access Now and Citizen Lab conducted a joint investigation just last month which revealed that Russian journalists critical of President Vladimir Putin had been targeted by NSO's Pegasus spyware.
Notably, the investigation found traces of spyware on the device of a journalist who had received a similar Apple threat notification a day prior.
"With imminent state assembly elections and the 2024 general elections not far off, the timing of these threat notifications is alarming. Public cynicism or judicial stupor should not preclude us from demanding an independent, transparent technical analysis and clear disclosures from the Government of India regarding its spyware purchases and deployments. This issue strikes at the heart of Indian democracy."
Internet Freedom Foundation (IFF) founding director Apar Gupta"The need for some prominent MPs, especially women having received notifications from Apple about state-sponsored attacks is gravely serious. They must immediately take steps to secure their devices," Software Freedom Law Centre (SFLC) founder Mishi Choudhary said, while calling on government agencies like CERT-In to investigate the matter.
Expand4. What Defence Is Available Against Such Attacks?
Beyond the traditional cyber-hygiene practices , Apple rolled out a feature called 'Lockdown Mode' last year in response to spyware like Pegasus and Hermit.
Going on Lockdown Mode means limiting a lot of prevalent functionalities in the usual iOS user experience. It blocks most types of message attachments on iMessage, and disables link previews. It also limits browsing, and blocks unknown requests on Apple services such as Facetime.
Lockdown Mode makes it impossible to establish a wired connection with an Apple device when locked, and also prevents configuration profiles from being installed. Mobile Device Management also cannot be accessed if the feature is enabled.
How to turn on Lockdown Mode on iPhone or iPad? Go to Setting > Privacy & Security > Turn On Lockdown Mode > Restart your device.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)
Expand
What Does the Threat Notification Say Exactly?
"Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID [...]," read the alert received by Congress' Tharoor who said that he had verified the sender to be Apple.
Threat notification alert sent by Apple to CPI(M) head Sitaram Yechury.
(Photo Courtesy: Accessed by The Quint)
"These attackers are targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone."Apple Threat Notification
"While it's possible this is a false alarm, please take this warning seriously," it added.
"State-sponsored attackers are very well-funded and sophisticated, and their attacks are constantly evolving [...] Some state-sponsored attacks require no interaction from you, and others rely on tricking you into clicking a malicious link opening an attachment in an email, SMS, or other message," Apple said, as per the screenshots shared by Tharoor.
In the past, Apple devices have been found to be infected by Pegasus through zero-click attacks – a sophisticated, hacking technique that doesn't require the victim to click on any link. For example, Google's Project Zero team had found that Pegasus was successfully deployed to a victim's device by sending a GIF through iMessage.
Does Apple Send These Alerts to Everyone?
Not everyone. The targets of State-sponsored attacks are "individually targeted because of who they are or what they do," Apple's blog post on threat notifications states.
"Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent," the blog reads.
"The vast majority of users will never be targeted by such attacks," it adds.
What Are the Chances That This Is a False Alarm?
According to Apple, "It’s possible that some threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future."
However, Access Now and Citizen Lab conducted a joint investigation just last month which revealed that Russian journalists critical of President Vladimir Putin had been targeted by NSO's Pegasus spyware.
Notably, the investigation found traces of spyware on the device of a journalist who had received a similar Apple threat notification a day prior.
"With imminent state assembly elections and the 2024 general elections not far off, the timing of these threat notifications is alarming. Public cynicism or judicial stupor should not preclude us from demanding an independent, transparent technical analysis and clear disclosures from the Government of India regarding its spyware purchases and deployments. This issue strikes at the heart of Indian democracy."Internet Freedom Foundation (IFF) founding director Apar Gupta
"The need for some prominent MPs, especially women having received notifications from Apple about state-sponsored attacks is gravely serious. They must immediately take steps to secure their devices," Software Freedom Law Centre (SFLC) founder Mishi Choudhary said, while calling on government agencies like CERT-In to investigate the matter.
What Defence Is Available Against Such Attacks?
Beyond the traditional cyber-hygiene practices , Apple rolled out a feature called 'Lockdown Mode' last year in response to spyware like Pegasus and Hermit.
Going on Lockdown Mode means limiting a lot of prevalent functionalities in the usual iOS user experience. It blocks most types of message attachments on iMessage, and disables link previews. It also limits browsing, and blocks unknown requests on Apple services such as Facetime.
Lockdown Mode makes it impossible to establish a wired connection with an Apple device when locked, and also prevents configuration profiles from being installed. Mobile Device Management also cannot be accessed if the feature is enabled.
How to turn on Lockdown Mode on iPhone or iPad? Go to Setting > Privacy & Security > Turn On Lockdown Mode > Restart your device.
(At The Quint, we are answerable only to our audience. Play an active role in shaping our journalism by becoming a member. Because the truth is worth it.)