
‘Mercenary spyware’: What Were Apple's Previous Threat Alerts To Indian Users?

The latest update marks a departure from Apple's prior threat notifications, which cautioned users about potential compromises from state-sponsored attacks.

By - Hera Rizwan | 12 April 2024 11:30 AM GMT

Apple, on Thursday, issued new threat alerts to select users in India and 91 other nations, cautioning them about potential security breaches on their iPhones, which may have been targeted by mercenary spyware, similar to Israel’s Pegasus spyware.

“This attack is likely targeting you specifically because of who you are or what you do. Although it’s never possible to achieve absolute certainty when detecting such attacks, Apple has high confidence in this warning — please take it seriously,” the email added.

This time, Apple refrained from attributing the attack to any specific entity, unlike in October 2023, when the company issued warnings to several Indian journalists and opposition politicians regarding a potential "state-sponsored attack".

Among the recipients were opposition political figures such as Shashi Tharoor, Priyanka Chaturvedi, Mahua Moitra, Akhilesh Yadav, and others.

What is Apple's new warning?

Thursday morning saw Apple sending out email alerts to users, warning of a potential "mercenary spyware attack" targeting iPhones remotely. Apple noted that such attacks, exemplified by Pegasus from the NSO Group in Israel, are exceptionally uncommon and significantly more sophisticated than typical cybercriminal activities. The extent of the dissemination of this notification to Indian users by Apple remains unclear at this point.

Spyware constitutes a form of malicious software employed for surveillance objectives. It disrupts a device's regular functioning to surreptitiously gather information without the user's awareness. Subsequently, the gathered data is transmitted to an unauthorised entity, often a government operator of the spyware.

Extremely intrusive spyware grants unrestricted access to a device by default, leaving minimal to no evidence. Consequently, users find it nearly impossible to detect compromise without such notifications or thorough forensic examination.

In its latest update posted on Wednesday, Apple stated that the threat notifications were aimed at assisting users who may have been targeted individually by mercenary spyware attacks. Israeli-backed Pegasus, which Apple referenced as one such mercenary spyware involved in the attack, has been frequently leveraged by state entities for surveillance and cybercrime against activists and opposition figures.

As of January 15, an Apple support page referred to these threats as "state-sponsored attacks". Presently, the same Apple page states that these attacks have been “historically associated with state actors, including private companies developing mercenary spyware on their behalf”.

Apple's previous statement highlighted the distinctive nature of state-sponsored attackers, who allocate significant resources to target a select few individuals and their devices, rendering these attacks particularly challenging to detect and thwart. Referring to these sophisticated attacks as intricate, the company had explained that they entail substantial financial investment, and typically have a limited lifespan.

What are Apple's threat notifications?

In November 2021, Apple introduced a threat notification system aimed at alerting users potentially targeted by state-sponsored attackers. This initiative followed Apple's legal action against the NSO Group, the Israeli developer of Pegasus, in response to the second wave of Pegasus-related revelations in July 2021.

In 2021, the Pegasus Project by The Wire and 16 other media organisations uncovered the Indian government's use of this spyware against opposition leaders, journalists, members of the judiciary, the Electoral Commission, and activists.

The investigation indicated that the military-grade spyware had been deployed for unauthorised surveillance of opposition figures, activists, and journalists, including Congress MP Rahul Gandhi, Siddharth Varadarajan, and MK Venu, the founding editor of The Wire. According to reports, in India, 161 individuals were subject to spying using Pegasus. The Indian government had refuted these allegations.

In October 2023, reports surfaced of Apple sending a new round of threat notifications globally, including to Indian opposition leaders and journalists. The company noted that those iPhones may have been targeted by “state-sponsored attackers”. However, in a subsequent clarification, the company also said that it does not attribute the threat notifications to any specific state-sponsored attacker.

Among the politicians who received the alert were Trinamool Congress MP Mahua Moitra; MP and chief of the All India Majlis-e-Ittehadul Muslimeen party, Asaduddin Owaisi; Shiv Sena MP Priyanka Chaturvedi; Congress leader Shashi Tharoor; and the party's spokespersons, Pawan Khera and Supriya Shrinate.

A forensic analysis, done by Amnesty International’s Security Lab, on the phones of individuals around the world who received these notifications, found traces of Pegasus spyware activity on their devices.

In the aftermath, Apple had faced backlash from the BJP government over threat notifications to the leading Indian opposition regarding the potential state-sponsored attack. In November 2023, CERT-In initiated an investigation into these notifications, followed by a meeting between officials from Apple's cybersecurity team in the US and Indian government officials in December. The current progress or outcome of the investigation remains undisclosed.