Indian politicians say Apple warned them of state-sponsored attacks
Nobody knows which state, but government never quite shrugged off claims it uses spyware
Indian politicians and media figures have reported that Apple has warned them their accounts may be under attack by state-sponsored actors.
All of the politicians who received the warnings are members of opposition parties. One recipient, MP Mahua Moitra, shared a screenshot of the email she received from firstname.lastname@example.org, which stated: "Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID."
Mahua's post added: "@HMOIndia - get a life. Adani & PMO bullies - your fear makes me pity you."
"HMO" refers to India's Ministry of Home Affairs. Adani is an Indian conglomerate that imports coal and was recently accused by the opposition of inflating prices. "PMO" refers to the Prime Minister's Office and is relevant because India's opposition has alleged that Prime Minister Narendra Modi has given political cover to Adani.
Mahua's post therefore accuses India's government of being the state actor Apple believes has attacked her iPhone.
Which is quite an accusation.
But not beyond the realms of possibility because, in 2021, phone numbers used by Indian journalists and politicians were found on lists targeted by users of the NSO Group's notorious Pegasus spyware.
India's opposition declared its government treasonous and made much of the spyware allegations.
At the time, India's tech minister Ashwini Vaishnaw did not deny that India had acquired or used Pegasus, and pointed out that not all phone numbers listed by NSO were attacked. He also noted that India has laws covering legal interception of communications.
Vaishnaw yesterday challenged Apple's actions.
"Information by Apple on this issue seems vague and non-specific in nature," he wrote, adding that the iGiant "states these notifications may be based on information which is 'incomplete or imperfect,'" or could be false alarms.
He's right: Apple's page describing its state-sponsored threat alerts does offer those warnings.
- Amnesty International and French media protection org claim massive misuse of NSO spyware
- Vietnam accused of Predator spyware attack on EU and US politicians
- US adds Euro spyware makers to export naughty list
- Pegasus-pusher NSO gets new owner keen on the commercial spyware biz
There is no evidence that India's government attacked its own. But observers have expressed concern that the nation's government is intolerant of dissenting voices. The Washington Post's editorial board recently worried that India's government is displaying "autocratic drift," a reference to increased stifling of dissent, sometimes with internet shutdowns. Facebook, the Post reported, even found India's Army ran a network of inauthentic accounts, but the social network didn't act for fear of earning the displeasure of India's government.
It's also plausible that other states are behind the attack. Indeed, India's relations with neighbors such as Pakistan and China are frosty, and both could conceivably be behind a state-sponsored attack. So could Russia, which has reason to be upset that India has edged closer to the West in recent years.
Only Apple knows the source of the incidents that caused it to send the alerts, and it isn't telling.
"We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behavior to evade detection in the future," states Apple's support page. ®