Indian politicians and media figures have reported that Apple has warned them their accounts may be under attack by state-sponsored actors.
All of the politicians who received the warnings are members of opposition parties. One recipient, MP Mahua Moitra, shared a screenshot of the email she received from threat-notifications@apple.com, which stated “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID.”
Mahua’s post added: “@HMOIndia – get a life. Adani & PMO bullies – your fear makes me pity you.”
“HMO” refers to India’s Ministry of Home Affairs. Adani is an Indian conglomerate that imports coal and was recently accused by the opposition of inflating price. “PMO” refers to the Prime Minister’s Office and is relevant because India’s opposition has alleged that Prime Minister Narendra Modi has given political cover to Adani.
Mahua’s post therefore accuses India’s government of being the state actor Apple believe has attacked her iPhone.
Which is quite an accusation.
But not beyond the realms of possibility because, in 2021, phone numbers used by Indian journalists and politicians were found on lists targeted by users of the NSO Group’s notorious “Pegasus” spyware.
India’s opposition declared its government treasonous and made much of the spyware allegations.
At the time, India’s tech minister Ashwini Vaishnaw did not deny that India had acquired or used Pegasus, and pointed out that not all phone numbers listed by NSO were attacked. He also noted that India has laws covering legal interception of communications.
Vaishnaw yesterday challenged Apple’s actions.
“Information by Apple on this issue seems vague and non-specific in nature,” he wrote, adding that the iGiant “states these notifications maybe based on information which is ‘incomplete or imperfect’,” or could be false alarms.
He’s right: Apple’s page describing its state-sponsored threat alerts does offer those warnings.
There is no evidence that India’s government attacked its own. But observers have expressed concern that the nation’s government is intolerant of dissenting voices. The Washington Post’s editorial board recently worried that India’s government is displaying “autocratic drift”, a reference to increased stifling of dissent, sometimes with internet shutdowns. Facebook, the Post reported, even found India’s Army ran a network of inauthentic accounts, but the social network didn’t act for fear of earning the displeasure of India’s government.
It’s also plausible that other states are behind the attack. Indeed, India’s relations with neighbours such as Pakistan and China are frosty, meaning both could conceivably be behind a state-sponsored attack. So could Russia, which has reason to be upset that India has edged closer to the West in recent years.
Only Apple knows the source of the incidents that caused it to send the alerts, and it isn’t telling.
“We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future,” states Apple’s support page. ®