Apple Threat Alerts on iPhones and the Company’s Response to the Controversy in India
Yesterday, October 31, a startling incident occurred that sent shockwaves through the Indian political establishment. Several opposition party leaders were startled when they received alarming notifications on their iPhones, cautioning them about potential state-sponsored attackers attempting to compromise their devices remotely. Concerned by this development, the leaders shared screenshots of the alerts on their X accounts, seeking clarification. In response, the government reached out to the iPhone manufacturer, requesting further information about the alerts and expressing the need for close collaboration during the ongoing investigation.
Leaders who have been alerted include Congress leaders Shashi Tharoor, Pawan Khera and Supriya Shrinate, Samajwadi Party’s Akhilesh Yadav, Shiv Sena’s Priyanka Chaturvedi, CPI(M) Sitaram Yechury, Trinamool Congress Party’s Mahua Moitra. Raghav Chadha and Asaduddin Owaisi of All India Majlis-E-Ittehadul Muslimeen.
Within hours of the incident, Union Minister Ashwini Vaishnaw addressed a press conference where she said Cert-In was conducting an investigation and Apple was asked to provide “correct, accurate information about the alleged state-sponsored attacks”. , stressing that there was no need to panic: “You’ve all seen the advice given by Apple. This is a vague advice. It’s based on certain estimates that they’ve made. Apple has already clarified that their encryption system is the highest possible. They’ve also clarified and issued a statement, according to which such advice has been given in 150 countries.
What are Apple Threat Alerts?
According to the company, “Apple’s threat alerts are designed to inform and help users who may have been targeted by state-sponsored attackers. These users are uniquely targeted based on who they are or what they do. Unlike traditional cybercriminals, state-sponsored attackers use exceptional resources to target well to a small number of specific individuals and their devices, making attacks much more difficult to detect and prevent.”
Apple also emphasizes that conducting such attacks is extremely complex work, costs millions of dollars to develop, and often has a short lifespan.
Apple reacts to controversy in India
In the midst of the noise, Apple issued a statement. It said: “Apple does not attribute the threat notification to any state-sponsored attacker”. It also said the attackers were well-funded and sophisticated, and that their attacks evolved over time.
It added: “Detection of such attacks relies on threat intelligence signals, which are often incomplete and incomplete. It is possible that some of Apple’s threat notifications may be false alarms or some attacks may not be detected.”
Meanwhile, the tech giant refused to reveal the reason why the notices were sent. “We are unable to provide information about what prompts us to issue threat alerts, as this may help state-sponsored attackers adapt their behavior to avoid detection in the future.”
It should also be noted that the same alert was sent yesterday to high-profile accounts in over 150 countries.