Row as Apple sends hacking alert to several Opposition leaders

New Delhi: At least nine Opposition leaders said on Tuesday that they were sent emails by Apple warning them of hacking attempts by unidentified “state-sponsored” attackers, prompting the government to ask the American tech company to share more details amid a political row.

Among the politicians who purportedly got emails were the Congress’s Shashi Tharoor, Pawan Khera and Supriya Shrinate, the Samajwadi Party’s Akhilesh Yadav, the Shiv Sena’s Priyanka Chaturvedi, the CPI(M)’s Sitaram Yechury, the Trinamool Congress’s Mahua Moitra, the Aam Aadmi Party’s Raghav Chadha, and the All India Majlis-E-Ittehadul Muslimeen’s Asaduddin Owaisi.

Others who said they got similar messages also included The Wire’s Siddharth Varadarajan and Observer Research Foundation’s Samir Saran. The Bharatiya Janata Party’s IT cell head Amit Malviya told news channels on Tuesday evening that Union minister Piyush Goyal also got such a notification.

Union information technology minister Ashwini Vaishnaw said the government will “get to the bottom” of the issue.

“The Government of Bharat takes its role of protecting the privacy and security of all citizens very seriously and will investigate to get to the bottom of these notifications. In light of such information and widespread speculation, we have also asked Apple to join the investigation with real, accurate information on the alleged state sponsored attacks,” Vaishnaw said in a string of posts on X, formerly Twitter.

“There are many compulsive critics in our country. Their one and only job is to criticise the government as and when they wake up, as and when they find an opportunity. You must have all seen the advisory issued by Apple. This is a vague advisory. It is based on certain estimations that they have done. Apple has already clarified that their encryption system is of highest possible order. They have also clarified and issued a statement saying that this kind of advisory has been issued in 150 countries,” he said.

To be sure, the advisory has been sent by Apple to people in 150 countries since this notification system was introduced in November 2021, not just last night. Apple has routinely alerted users and rushed emergency software patches after hackers — often from sophisticated cyber mercenary groups — exploit previously undiscovered software flaws known as zero-days.

Such attacks were in the spotlight in 2021 when Israel-based NSO Group’s Pegasus software was found on the devices of a number of targets globally, and was suspected to have infected the devices of a number of people in India. Apple did not confirm the specific individuals to whom it sent the alert and said in a statement that it does not “attribute the threat notifications to any specific state-sponsored attacker”.

The company cited a disclosure on its website regarding such notifications and reiterated that it was possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. “We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future.”

The mail the company sent out said: “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID. These attackers are likely targeting you individually because of who you are or what you do. If your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone. While it’s possible this is a false alarm, please take this warning seriously.”

Throughout Tuesday, names of several more politicians emerged, but whether they received an email could not be verified.

Tharoor, Khera and Chaturvedi told HT they got the message and follow-up email between 11.30pm on Monday night and 12.15am on Tuesday morning. Tharoor said he saw the email around 7am on Tuesday. When he logged into his account on the Apple website, it displayed a warning about the potential compromise in red. “The email does not advise us to go public but I think it is important to go public as that is the best security we have. There is a pattern here. It is a disgrace that people are wasting taxpayers’ money this way. There are more genuine threats to national security than opposition leaders,” he said.

Congress leader Rahul Gandhi held a press conference in the afternoon and said people in his office and several party leaders too were sent an alert. Gandhi accused the government of indulging in “distraction politics” on the Adani issue; the opposition has accused the Adani Group of creating monopolies in various sectors in the country. “We are not scared. You can do as much phone tapping as you want, I don’t care. If you want to take my phone, I will give it to you…,” Gandhi said.

Yechury wrote to Prime Minister Narendra Modi and said any such move “constitutes a gross violation of the fundamental rights guaranteed by the Constitution of India to all its citizens”.

Chadha, who received a notification from Apple in the morning, said: “I received a concerning notification from Apple, warning me about a potential state-sponsored spyware attack on my phone. The notification stated ‘if your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone’.”

The AAP leader said he uses his phone for official purposes as an MP as well as personal purposes, and called the potential attack on his phone an attack on the democratic interests of the country. “This notification is reminiscent of the Pegasus spyware scandal which also had targeted many voices that are critical of the BJP,” said Chadha.

Chaturvedi said she got a message followed by an email from Apple. “…they gave us some dos and don’ts to safeguard ourselves and to reach out to Apple through this 24X7 helpline website to safeguard ourselves and our identity. They expressed concerns that this is a very serious issue that should not be taken lightly.”

Tuesday’s disclosures come a year after a committee of Supreme Court-appointed experts found inconclusive evidence of the presence of Pegasus spyware in the 29 phones it analysed. The panel said the government did not cooperate with its probe while recommending new laws and measures to protect citizens from illegal surveillance and cyber attacks.

In a post on X, minister of state for IT Rajeev Chandrasekhar said the government will investigate these “threat notifications” as well as Apple’s “claims of being secure and privacy compliant devices”. Questioning Apple’s claims of designing privacy-preserving products, he also said that the government expects Apple to clarify “if its devices are secure” and why these notifications “are sent to people in over 150 countries”.

Experts said the incident requires more scrutiny. “If a wide number of users in India are being sent these alerts and most of them belong to the Opposition or are vocal critics of the government, it shows that the situation that was brought out by the Pegasus revelations has not been sorted. If anything, it has been buried deeper,” Raman Jit Singh Chima, Asia policy director and Senior International Counsel at Access Now, said.