Apple warned Indian opposition figures and journalists of possible state-backed hacking last year, causing tension with the government questioning the claims and pressuring Apple to soften them.
In October 2023, Apple sent notifications to some Indian opposition politicians and journalists warning them that their iPhones might be targeted by state-sponsored attackers. This triggered a strong reaction from the Indian government, which accused Apple of interfering in the country’s internal affairs and questioned the accuracy of its warnings.
Now, Indian officials, as reported by the Washington Post, pressured Apple to soften the language of the notifications and even summoned a company security expert for a meeting in New Delhi. Apple, on the other hand, has maintained that its notifications are based on credible evidence and that it does not attribute hacking attempts to specific governments.
The individuals who received Apple’s hacking warnings and subsequently posted about them on social media shared a common characteristic: they were critical of Prime Minister Modi’s government.
An investigation into the phone of journalist Anand Mangnale, who was examining Modi ally Gautam Adani, revealed the presence of Pegasus spyware, developed by the Israeli company NSO Group. While Apple did not explicitly attribute the attacks to the Indian government, Pegasus is typically sold to governments and government agencies.
The report further reveals that India’s ruling political party has neither confirmed nor denied the use of Pegasus to spy on journalists and political opponents. However, instances of critics being infected with Pegasus spyware have been previously reported, with a 2021 investigation revealing the presence of the spyware on the phones of individuals with a history of opposing and criticizing Modi’s government.
It is worth noting that if and when Apple suspects a user’s iPhone is being targeted by malicious threat actors or by a state-backed cyber attack, the company has a multi-pronged approach to warn the user. This includes threat notifications, security recommendations, email and iMessage alerts.
1. Threat Notification:
- This is the most prominent method. A banner and alert appear on the user’s device when they sign in to appleid.apple.com.
- The alert clearly states that they “may be targeted by state-sponsored attackers trying to remotely compromise your iPhone.”
- It avoids specifying the attacker’s origin but offers general advice on security measures.
2. Email and iMessage Notifications:
- Apple sends emails and iMessages to all email addresses and phone numbers associated with the user’s Apple ID.
- These notifications mirror the information in the web-based alert, reiterating the potential state-backed attack and suggesting security steps.
3. Security Recommendations:
- Both the web-based and email/iMessage notifications provide general security advice, such as:
- Updating devices to the latest software with security patches.
- Enabling two-factor authentication for Apple ID and other critical accounts.
- Reviewing iCloud settings and disabling access to non-essential apps.
- Changing passwords for important accounts.
It is also important to note that Apple doesn’t share specific details about the attackers or the attack methods to protect their sources and investigations. These notifications are triggered by specific indicators observed by Apple, but not all targeted users may receive one. Receiving a notification doesn’t necessarily mean your iPhone is compromised, but it’s a cautionary flag to take serious security measures.
Hack alert vs. Apple lockdown mode
It is also important to differentiate that while threat notifications alert users of cyberattacks, Apple Lockdown mode goes one step further by providing extreme protection against sophisticated digital threats by restricting certain functionalities like FaceTime, web browsing, and message attachments.
The Lockdown mode is also Primarily for individuals facing confirmed or imminent high-level cyber threats, such as journalists, activists, or dissidents. Nevertheless, the alleged involvement of Indian authorities in pressuring Apple to downplay the political impact of its hacking warnings, particularly targeting individuals critical of the Modi government.
The use of Pegasus spyware, known for its association with governments and government agencies, also raises concerns about potential state-sponsored surveillance of journalists and political opponents in India and elsewhere.
RELATED ARTICLES
- QuaDream: Israeli Cyber Mercenary Behind iPhone Hacks
- Android Version of Sophisticated Pegasus Spyware Discovered
- iPhones of 9 State Dept officials hijacked by NSO Pegasus spyware
- Did Saudi Crown Prince use Israeli spyware to hack Jeff Bezos’s iPhone?
- iPhones of 36 Al Jazeera journalists hacked with NSO’s zero-click spyware