As Apple alert to Opposition leaders is investigated, clarity remains out of reach

As officials floated unsubstantiated and misleading statements on Apple’s security alert to Opposition leaders and others, it is unclear if the firm is in a position to provide exact details.

November 02, 2023 01:01 pm | Updated 01:18 pm IST - NEW DELHI

 Apple’s security alert was delivered on Monday night to top leaders in the Congress and other Opposition outfits, as well as some journalists and civil society members. File | Photo Credit: Reuters

As Opposition leaders intensified allegations of government snooping after receiving alerts from the tech firm Apple that a “state-sponsored attacker” may be targeting their digital devices, government officials and ruling party politicians moved to advance a series of misleading and vague statements on the nature of the warning. The government says that it will investigate Apple’s message, which was delivered on Monday night to top leaders in the Congress and other Opposition outfits, as well as some journalists and civil society members.

Minister of Electronics and Information Technology Ashwini Vaishnaw, for instance, posted on the social media platform X that “information by Apple on this issue seems vague and non-specific in nature,” even as the company warned users in detail how the attacks they may have detected could infiltrate targets’ phones and remotely access their devices’ contents, and get a real-time feed from devices’ cameras and microphones.

The Minister, as well as other officials, seized on a so-called ‘background’ note that Apple had included in its messages to journalists, which said that the alerts had been sent in 150 countries. Background notes are usually sent by public relations workers to provide additional background information that they do not want to be directly quoted on. The firm as well as the Minister left out some key context: that this number was for all alerts sent since 2021, not the batch that Opposition leaders and others in India had received this week. No user in any other country has publicly reported receiving such an alert since the warnings were first delivered this week. 

Apple spokespeople in India circulated a statement saying that the company did not blame “any specific” government attacker, distancing the firm from the interpretation that the alerts were accusing the Indian government of spying. IT Minister of State Rajeev Chandrasekhar claimed on live television that Commerce and Industry Minister Piyush Goyal also received an alert, but later walked back that statement, saying it was a ‘friend’ of Mr. Goyal instead.

‘Why are users referred to Access Now?’

Meanwhile, Sanjeev Sanyal, an academic serving on the Prime Minister’s Economic Advisory Council, took a “just asking questions” approach on X to poke holes in the credibility of Apple’s standardised warnings, wondering aloud why the firm was referring users to Access Now, a non-profit that works on privacy and digital rights, instead of providing counsel itself, and pointing, without elaborating, to funding the body received from the billionaire George Soros’s Open Society Foundations.

Firms such as Apple and Google do not publish technical details of many of the security vulnerabilities they patch, to avoid giving firms that stockpile intelligence on these weaknesses any useful insights on their defensive cybersecurity capabilities. So-called zero-day exploits — weaknesses discovered by attackers but not by tech firms themselves — are routinely patched in software updates, and external cybersecurity researchers may sometimes publish findings on these after working with the company concerned to fix the issue beforehand. Since zero-days have a “short shelf-life,” according to Apple, they are usually only deployed to a small group of targets, to maximise their utility before their modus operandi is discovered.

Additional security safeguards

It is also not uncommon for tech firms to recommend additional security safeguards to high-profile targets, even if they market security features that are ironclad for most users. Access Now has both supported and pushed back on Apple on different occasions: on the issue of requiring ‘backdoor’ access to personal devices for law enforcement, the nonprofit backed the tech giant’s resistance in 2016. On Apple’s proposal to scan users’ personal photos to spot and report illegal child sex abuse material, the nonprofit pushed back, saying the technology could be subverted by authoritarian regimes for other purposes.

Some time back, “Apple started monitoring anomalies on devices” that allowed them to detect some zero-days even if they did not have direct information about how they operated, Wojciech Reguła, a security researcher based in Katowice, Poland, told The Hindu. The Opposition leaders “could have been infected with a vulnerability which Apple was aware of,” he added. The latest version of Apple’s iOS operating system, 17.1, patches a vulnerability that was discovered and reported by Mr. Reguła and another researcher. 

This may change if the vulnerability Apple detected was discovered by an outside organisation. This is what has happened with multiple vulnerabilities, particularly those detected by research bodies such as Citizen Lab, which detailed the inner workings of the Pegasus spyware, built by now-defunct Israeli firm NSO Group. If such an organisation publishes findings on fresh vulnerabilities, it may shed further light on the alerts sent out by Apple this week, and open the door to forensic examinations of devices to see if the attack attempts were successful. 

If indeed Apple has detected spyware attempts it internally attributes to India, it is unclear how it will respond to an Indian government investigation. S. Krishnan, the IT Secretary, told reporters on Wednesday that the Indian Computer Emergency Team was working on the investigation, and that Apple has been sent a notice to comply. It is unclear if Apple will provide information about the vulnerability it detected to investigators. The government, on its part, has not categorically denied spying on political opponents, or floated any indications that a foreign state attacker could be involved. As for Apple, it has not yet revealed if the attacks it warned users about were successful intrusions detected after the fact, or thwarted attempts.
