New Delhi: CERT-In, the nodal agency that deals with cybersecurity threats, has begun its investigation in the Apple threat notification issue, and a notice has been sent to the company, IT secretary S. Krishnan said on Thursday (November 2).
“CERT-In has started its probe… they (Apple) will cooperate in this probe,” news agency Press Trust of India reported Krishnan as saying at an event related to the MeitY-NSF research collaboration.
The threat relates to a message saying “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID ….”, which was sent to by multiple opposition leaders, including Mahua Moitra, Raghav Chadha, and Shashi Tharoor. It was also sent to several journalists, including Siddharth Varadarajan, founding editor of The Wire; Sriram Karri, resident editor of Deccan Chronicle; and Ravi Nair, journalist, OCCRP.
The email titled “ALERT: State-sponsored attackers may be targeting your iPhone” goes on to say, “These attackers are likely targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone.”
It urges the recipients, “While it’s possible this is a false alarm, please take this warning seriously.”
In a statement on October 31, Apple said, “Apple does not attribute the threat notifications to any specific state-sponsored attacker.”
These threat notifications were enabled by the company in 2021, and since then such notifications have reportedly been sent to individuals in nearly 150 countries.
Following opposition MPs’ claims of receiving these hacking attempt warnings, IT Minister Ashwini Vaishnaw issued a statement saying that “the government takes its role of protecting the privacy and security of all citizens very seriously.”
He added that the notification about ‘state-sponsored attacks’ “seems vague and non-specific in nature”.
Earlier this week, the Minister of State for Electronics and IT Rajeev Chandrasekhar had said that the government wants Apple to clarify if its devices are secure and why ‘threat notifications’ were sent to people in over 150 countries, given the company’s repeated claims about its products being designed for privacy.
Most of the names in the hacking attempt list are well-known people who are open critics of the Narendra Modi government.
The questions raised in this matter are a source of concern, as per many experts, who refocused attention on the 2021 Pegasus Project that revealed that over a dozen phones in India, belonging to politicians, journalists, human rights activists, and others, were infected with Israeli spyware.
The opposition members whose phones were infected with the spyware included then Congress president Rahul Gandhi, lawyers, a sitting judge, an election commissioner, the ousted CBI director and family members of such persons also, just before and after the previous general elections in 2019.
However, the Supreme Court-appointed committee investigating this matter noted that the Union government did not cooperate with its investigation, while adding that it found no conclusive evidence of spyware use in the examined phones.
The panel had submitted its final report to the apex court in August last year. However, the contents of the report are yet to be made public.
The government also did not explicitly deny that it uses Pegasus. With Apple’s notification pointing to an unknown state actor, all eyes will be on the government to see if it issues a denial.