The national nodal agency for handling computer security instances, the Computer Emergency Response Team (CERT-In), has begun looking into the Apple threat notification issue brought up by opposition members of parliaments and some other persons. Furthermore, Electronics and Information Technology Secretary S Krishnan informed on 2nd November that a notice had been sent to the American technology giant in this regard.
At least seven opposition leaders claimed that Apple had warned them via email about “state-sponsored” attackers who might be attempting to remotely breach the iPhones linked to their identities. Following this, Union Electronics and Information Technology Minster said that Ashwini Vaishnaw said that the govt will probe the matter. The minister confirmed, “CERT-In, the national nodal agency for responding to computer security incidents, has started its probe. They (Apple) will cooperate in the inquiry.”
Ashwini Vaishnaw declared that the government is going to “get to the bottom” of the threat alerts given by the company to various leaders over iPhones and asked its assistance for the same. He posted a series of tweets in which he expressed concern on behalf of the government and wrote, “The notification received by them as per media reports mentions about ‘state-sponsored attacks’ on their devices.”
We are concerned by the statements we have seen in media from some MPs as well as others about a notification received by them from Apple. The notification received by them as per media reports mentions about ‘state-sponsored attacks’ on their devices. However much of (1/5)
— Ashwini Vaishnaw (@AshwiniVaishnaw) October 31, 2023
The minister asserted that the details offered by Apple “seems vague and non-specific in nature.” He pointed out, “Apple states these notifications may be based on information which is ‘incomplete or imperfect’.” He noted that it further added that “some Apple threat notifications may be false alarms or some attacks are not detected.”
information by Apple on this issue seems vague and non-specific in nature. Apple states these notifications maybe based on information which is ‘incomplete or imperfect’. It also states that some Apple threat notifications maybe false alarms or some attacks are not detected.(2/5)
— Ashwini Vaishnaw (@AshwiniVaishnaw) October 31, 2023
The former IAS officer highlighted that Apple alleged that their IDs are safely encrypted which makes it very difficult to access or recognise them without the user’s express consent. “This encryption safeguards the user’s Apple ID and ensures that it remains private and protected.”
Apple has also claimed that Apple IDs are securely encrypted on devices, making it extremely difficult to access or identify them without the user's explicit permission. This encryption safeguards the user's Apple ID and ensures that it remains private and protected.(3/5)
— Ashwini Vaishnaw (@AshwiniVaishnaw) October 31, 2023
The IT Minister assured that the Indian government is committed to safeguarding the security and privacy of its citizens and it intends to look into these alerts thoroughly.
The Government of Bharat takes its role of protecting the privacy and security of all citizens very seriously and will investigate to get to the bottom of these notifications. (4/5)
— Ashwini Vaishnaw (@AshwiniVaishnaw) October 31, 2023
Ashwini Vaishnaw proclaimed that the government requested that Apple participate in the investigation by providing genuine and accurate details on the purported state-sponsored assaults, given the available information and the general conjecture.
In light of such information and widespread speculation, we have also asked Apple to join the investigation with real, accurate information on the alleged state sponsored attacks. (5/5)
— Ashwini Vaishnaw (@AshwiniVaishnaw) October 31, 2023
The entire issue began after several opposition leaders claimed that they received an alert from Apple warning them of ‘state-sponsored attackers trying to remotely compromise’ their iPhones and alleged hacking by the government.
The ‘threat alerts’ have sparked a political firestorm and the Congress sought that the Lok Sabha’s Standing Committee on Information and Technology look into the scandal. Karthi Chidambaram, a Congress leader and the son of former home minister P Chidambaram, announced that he had written to the panel’s chairperson, Prataprao Jadhav and requested summons to Apple on its alerts to politicians cautioning them against “state-sponsored attack.”
On the other hand, Bharatiya Janata Party Godda MP Nishikant Dubey argued that the panel was operating in compliance with Lok Sabha rules and regulations rather than under the direction of Wayanad MP Rahul Gandhi or Thiruvananthapuram MP Shashi Tharoor.
Aam Aadmi Party Rajya Sabha MP from Punjab Raghav Chadha, Shashi Tharoor, Congress Working Committee (CWC) member Pawan Khera, Shiv Sena (Uddhav Balasaheb Thackeray) leader and Rajya Sabha MP from Maharashtra Priyanka Chaturvedi and Trinamool Congress Krishnanagar MP Mahua Moitra were among the nearly two dozen opposition politicians who accused that they had gotten an alert on their Apple iPhones warning them against “state-sponsored attackers trying to remotely compromise” their devices.
While the opposition tried to claim that the Modi government was behind the alleged “state-sponsored” cyber attacks, soon it was revealed that Apple users in at least 150 countries received the same message. Apple further said that the message was ‘unreliable’, adding that they can be false alarms, and some threats may not be detected.
Apple released a statement regarding the situation in which it declared that it does not link the threat notifications to any particular state-sponsored attacker. It read, “Apple does not attribute the threat notifications to any specific state-sponsored attacker. State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete.”
It further added, “It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future.”
The alerts from Apple have surfaced a year after a committee of experts appointed by the Supreme Court found that 29 phones it examined contained Pegasus spyware.