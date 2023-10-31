In a new political potboiler, some iPhone-using Opposition leaders have claimed to have received “threat alerts” from Apple. “ALERT: State-sponsored attackers may be targeting your iPhone,” the threat notification sent on iMessage and Apple Mail reads.

The notification has reportedly been received by Opposition leaders across party lines including Mahua Moitra, Shashi Tharoor, Pawan Khera, KC Venugopal, Priyanka Chaturvedi, Raghav Chadha, Asaduddin Owaisi, and some others.

Taking to X, formerly Twitter, Congress MP Shashi Tharoor wrote, “Received from an Apple ID, [email protected], which I have verified. Authenticity confirmed. Glad to keep underemployed officials busy at the expense of taxpayers like me! Nothing more important to do? @PMOIndia @INCIndia @kharge @RahulGandhi.”

Interestingly, Shashi Tharoor had tweeted once before with the screenshot of the email he received, however, in that screenshot, he had forgotten to mask his email ID associated with his Apple ID. Tharoor later deleted the tweeted ad re-posted the screenshot with his email masked. Ironically, it would certainly not take sophisticated state-sponsored hackers to break into the device security of someone, an MP no less, who is not aware of basic protocols that one must follow to keep their devices safe – like not making public vital details attached to your accounts.

Similarly dramatic responses were seen coming from Pawan Khera on X, who put the onus of the alleged “threat” on PM Modi saying, “Dear Modi Sarkar, why are you doing this?”

Trinamool Congress MP Mahua Moitra, who recently confessed to giving her Parliamentary login credentials to Darshan Hiranandani who submitted questions against Adani, wrote on X calling Adani and PMO bullies.

Notably, the TMC MP has been told to appear before the Lok Sabha Ethics Committee on 2nd November in the cash-for-query case. The case pertains to allegations by BJP MP Nishikant Dubey that Moitra accepted bribes and favours from Darshan Hiranandani including uber-expensive handbags costing up to lakhs of rupees.

On 27th October, Moitra accepted that she shared her Parliament login details with the businessman but denied taking any money for it.

Meanwhile, Congress leader Rahul Gandhi rushed to conduct a press conference to blame the BJP over the alert. He said, “A number of people in my office have got this message… In Congress, KC Venugopal ji, Supriya, Pawan Khera have got it too…They (BJP) are trying to distract the attention of the youth.”

While Rahul Gandhi rushed to play politics, it is pertinent to note that some others who certainly can’t be seen as I.N.D.I Alliance members also received the same threat alert message.

Samir Saran, who is the President of ORF, a non-partisan, independent think tank also received the threat alert message from Apple.

Additionally, the same notification has reportedly been received by some Apple iPhone users in Armenia. Screenshots of the same alert were shared by Armenian journalist Artur Papyan @ditord on X. “Apple has issued a new round of threat notifications about State Sponsored attacks. If you’re an Armenia-based journalist or a civil society representative, contact me, @Kornelij or @RubenMuradyan to get your device checked, as well as urgent advice and support,” Papyan posted on X.

What Apple says about such ‘threat alert’ messages on their support page and their statement after Rahul Gandhi press conference

Interestingly, Apple itself on its website states that these so-called “state-sponsored threats” to their users’ device are not reliable.

In fact, the very alert that the Opposition leaders claimed to have received states, “While it’s possible this is a false alarm, please take this warning seriously.”

Furthermore, Apple has implied that it does not attribute the threat notifications to any specific state-sponsored attacker. “State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete.”

“It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future,” Apple states on the support page on its website.

Moreover, it says that Apple is “unable to provide information about what causes us to issue threat notifications”. This means that it is not clear whatsoever whether the alleged attack, that is if it is indeed an attack, is state-sponsored at all. And even if it is “state-sponsored” then there is no telling which state.

In fact, after the dramatic press conference of Rahul Gandhi where he directly blamed the Modi government of snooping on “opposition members”, Apple issued a stetement reiterating their position on such threat messages.

Apple said, “Apple does not attribute the threat notifications to any specific state-sponsored attacker. State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behavior to evade detection in the future”.

What are Apple threat notifications?

According to information available on the tech-giant’s website, “Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers.”

“These users are individually targeted because of who they are or what they do. Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent. State-sponsored attacks are highly complex, cost millions of dollars to develop and often have a short shelf life. The vast majority of users will never be targeted by such attacks,” the company states.

Apple has also laid down measures to prevent and combat such threats. “To verify that an Apple threat notification is genuine, sign in to appleid.apple.com. If Apple has sent you a threat notification, it will be clearly visible at the top of the page after you have signed in.”

Modi government orders probe: What minister Ashwini Vaishnaw said

After the fiasco, the Modi government has ordered a probe into the alleged security breach.

Minister Ashwini Vaishnaw said, “We are concerned by the statements we have seen in media from some MPs as well as others about a notification received by them from Apple. The notification received by them as per media reports mentions about ‘state-sponsored attacks’ on their devices”. He further said, “Information by Apple on this issue seems vague and non-specific in nature. Apple states these notifications may be based on information which is ‘incomplete or imperfect’. It also states that some Apple threat notifications may be false alarms or some attacks are not detected. Apple has also claimed that Apple IDs are securely encrypted on devices, making it extremely difficult to access or identify them without the user’s explicit permission. This encryption safeguards the user’s Apple ID and ensures that it remains private and protected. The Government of Bharat takes its role of protecting the privacy and security of all citizens very seriously and will investigate to get to the bottom of these notifications. In light of such information and widespread speculation, we have also asked Apple to join the investigation with real, accurate information on the alleged state-sponsored attacks”.

A desperate sequel to the Pegasus fiasco?

On 25th August last year, the Supreme Court said that no conclusive proof emerged to support the claim that the Indian government was using the controversial Pegasus spyware to snoop on people.

The then Chief Justice of India NV Ramana said that the apex court-appointed committee probing the matter has concluded that the Israeli spyware was not found in the 29 mobile phones it examined.

The controversy erupted on 18th July 2021, when a group of media networks and investigative reporters claimed that among the 50,000 phone numbers chosen for infection with the Pegasus malware were those of Indian ministers, legislators, activists, entrepreneurs, and journalists.

Notably, Israel-based company NSO which built the spyware, claims that it only deals with governments and not private entities. However, it never disclosed who its clients were. Several international media outlets, including The Wire from India, released a series of reports claiming the Indian government used the spyware.

The reports were based on an “analysis” done by a team of Amnesty International. It is notable that the Supreme Court-appointed committee had also used the tool develop by Amnesty to detect the spyware, along with various other tools.