Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime , Governance & Risk Management

Apple Alert on iPhone Hacking Fuels Spyware Fears in India

Apple Warns Indian Politicians, Journalists of Attempted Nation-State Hacks
Apple Alert on iPhone Hacking Fuels Spyware Fears in India
Image: Shutterstock

Apple on Tuesday warned several sitting members of Parliament and journalists in India that state-sponsored attackers had tried to remotely compromise iPhones associated with their Apple IDs. The Indian government quickly rejected allegations from critics that it was deploying commercial spyware.

See Also: Would You Rather be Cloud Smart or Cloud First in Government?

Apple warned users: "These attackers are likely targeting you because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone. While it’s possible this is a false alarm, please take this warning seriously."

Apple threat notification recipients included former Minister of State for External Affairs Shashi Tharoor, former chief ministers of various states, senior parliamentarians, political party spokespersons, and party leaders. None of the targeted parliamentarians were members of the ruling Bharatiya Janata Party.

Apple also sent threat notifications to senior journalists and popular civil society activists, including the founding editor of The Wire, Siddharth Varadarajan; resident editor of the Deccan Chronicle, Sriram Karri; senior independent journalist Ravathi; and senior journalists at The Organized Crime and Corruption Reporting Project, Anand Mangnale and Ravi Nair.

Apple Refuses to Name State Actor Behind the Attacks

Opposition party leaders across India quickly accused the Narendra Modi-led central government of using commercial spyware, such as the NSO Group's Pegasus, to infiltrate their devices and track their private data and communications. Apple released a statement shortly afterward, stating that it could not attribute the state-sponsored attacks to a single actor.

"Apple does not attribute the threat notifications to any specific state-sponsored attacker. State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete," Apple said.

"It's possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behavior to evade detection in the future."

Government to Investigate

Indian Minister for Railways, Communications, Electronics and Information Technology Ashwini Vaishnaw said in a series of tweets that the government intends to thoroughly investigate Apple's claims of state-sponsored attacks targeting iPhones, considering Apple's notifications were vague and unclear.

"Much of information by Apple on this issue seems vague and nonspecific in nature. Apple states these notifications may be based on information which is 'incomplete or imperfect.' It also states that some Apple threat notifications maybe false alarms or some attacks are not detected," Vaishnaw said.

Vaishnaw appeared to mock Apple's claims about the foolproof security of Apple IDs and devices, stating that Apple claims that "Apple IDs are securely encrypted on devices, making it extremely difficult to access or identify them without the user's explicit permission."

"The Government of Bharat takes its role of protecting the privacy and security of all citizens very seriously and will investigate to get to the bottom of these notifications. In light of such information and widespread speculation, we have also asked Apple to join the investigation with real, accurate information on the alleged state-sponsored attacks," he added.

Union Minister of State for Electronics and IT Rajeev Chandrasekhar wrote on X, formerly Twitter, that the government will ask Apple to clarify whether its devices are secure and why the company sent such threat notifications to people in 150 countries, if it claims its products are designed to protect privacy.

Vulnerable to Spyware

Apple in September issued an emergency security update for iOS, iPadOS, macOS and watchOS devices after The Citizen Lab at the University of Toronto discovered malicious actors exploiting a previously unknown vulnerability to infect a Washington, D.C.-based individual's device with the Pegasus spyware.

The Citizen Lab said the buffer overflow vulnerability resided in iOS 16.6 and enabled malicious actors to carry out arbitrary code execution by sending a maliciously crafted image file to a victim. The exploit did not require any interaction from the victim.

This isn't the first time that the Indian government has been accused of using commercial surveillance tools to spy on journalists, activists and politicians. French media nonprofit Forbidden Stories and Amnesty International in July 2021 said in a report that up to 300 Indian citizens - including journalists, academics, government officials, scientists and two Cabinet ministers - were targeted with the Pegasus spyware.

The Financial Times in March quoted people familiar with the government to state that the Indian government plans to spend hundreds of millions of dollars to purchase lesser-known spyware after the U.S. blacklisted commercial use of the Pegasus spyware. The sources told FT that the government could spend between $6 million and $120 million on new spyware contracts over the next few years.


About the Author

Jayant Chakravarti

Jayant Chakravarti

Senior Editor, APAC

Chakravarti covers cybersecurity developments in the Asia-Pacific region. He has been writing about technology since 2014, including for Ziff Davis.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.asia, you agree to our use of cookies.