In a surprising turn of events mere months before India’s general elections, Apple has issued warnings to over half a dozen lawmakers from the main opposition party led by Prime Minister Narendra Modi. The alerts signal a potential threat of state-sponsored attacks on their iPhones.
Rahul Gandhi, the prominent Indian opposition leader, revealed in a media briefing that his team had been notified by Apple of the security concerns. Other high-profile figures, including Shashi Tharoor from the Congress party, Akhilesh Yadav of the Samajwadi Party, Mahua Moitra from the All India Trinamool Congress, and Priyanka Chaturvedi of Shiv Sena, were also informed of potential security threats to their iPhones.
Received from an Apple ID, threat-notifications@apple.com, which I have verified. Authenticity confirmed. Glad to keep underemployed officials busy at the expenses of taxpayers like me! Nothing more important to do?@PMOIndia @INCIndia @kharge @RahulGandhi pic.twitter.com/5zyuoFmaIa
— Shashi Tharoor (@ShashiTharoor) October 31, 2023
The impact of these notifications extended to Asaduddin Owaisi, the leader of the All-India Majlis-e-Ittehadul Muslimeen (AIMIM); Raghav Chadha, representing AAP and known for his anti-corruption efforts; Sitaram Yechury, the General Secretary of the Communist Party of India; and Congress spokesperson Pawan Khera.
Wonder who? Shame on you.
Cc: @HMOIndia for your kind attention pic.twitter.com/COUJyisRDk— Priyanka Chaturvedi🇮🇳 (@priyankac19) October 30, 2023
Notably, journalists Siddharth Varadarajan and Sriram Karri, along with Observer Research Foundation (ORF) India President Samir Saran, received identical warnings from Apple.
Apple, in response, acknowledged issuing these threat notifications. The company emphasized that it does not attribute the threats to any specific state-sponsored attacker. It underlined the difficulty in detecting such threats, considering that state-sponsored attackers are well-funded and sophisticated, and their tactics evolve over time. These notifications may sometimes be false alarms, and some attacks might go undetected.
For a couple of years now, several of us lead our lives with this kind of #illegal prying into our lives, invasion of #privacy. Sadly, it is #state #sponsored and incessant. pic.twitter.com/wHy6pt62e9
— Sriram Karri (@oratorgreat) October 31, 2023
India’s IT Minister, Ashwini Vaishnaw, expressed government concern over the matter and stated that they are investigating. He downplayed the allegations, referring to the threat notifications as “vague” and “estimations.”
Notably, India has faced allegations of deploying the Pegasus spyware, blacklisted by the U.S. government, on activists and opposition leaders over the years. While India has not officially acknowledged dealing with NSO, the Israeli developer of Pegasus, the malware has been found on the phones of journalists, academics, and opposition leaders in the country.
The Financial Times previously reported that the Indian government was seeking new spyware contracts. However, no official statement or confirmation has directly implicated New Delhi in the recent episode.
Apar Gupta, a senior privacy activist, expressed concern about the timing of the notifications. He called for an independent, transparent technical analysis and clear disclosures from the Government of India regarding its spyware purchases and deployments, emphasizing the significance of this issue for Indian democracy.
Apple has recommended users receiving these alerts to activate Lockdown mode, a security measure introduced in 2022, aimed at protecting individuals such as journalists, politicians, attorneys, and human rights advocates from state-sponsored spyware intrusions. This mode restricts certain functionalities to enhance security. Since enabling the threat notifications feature, Apple has alerted individuals in nearly 150 countries.
