iPhone hack alert: Govt to probe, says Apple’s response vague

The government was caught in the eye of a storm with several opposition leaders on Tuesday sharing screen shots on social media platform X of messages received on their iPhones warning them that their device was under threat of state-sponsored attack.

With Apple providing a rather vague clarification on the matter, communications and IT minister Ashwini Vaishnaw ordered a probe in the matter and asked Apple to join the investigation. He said that the information provided by Apple in the matter was vague and non-specific in nature.

Minister of state for electronics and IT, Rajeev Chandrasekhar also said that the government will investigate these notifications and also Apple’s claims of being secure and privacy compliant devices.
“Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID. These attackers are likely targeting you individually because of who you are or what you do,” the message read.

In its clarification, Apple said it does not attribute the threat notifications to any specific state-sponsored attacker. It said that state-sponsored attackers are very well-funded and sophisticated, and detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. The company also did not rule out the possibility of such threat notifications being false alarms. “We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future,” Apple said.

It did not categorically say what triggered warnings received by several opposition parties MPs.

Since enabling the Threat Notifications feature in 2021, Apple said it has sent Threat Notifications to individuals whose accounts are in nearly 150 countries.

“Apple has also claimed that Apple IDs are securely encrypted on devices, making it extremely difficult to access or identify them without the user’s explicit permission. This encryption safeguards the user’s Apple ID and ensures that it remains private and protected,” Vaishnaw said.

He said that the investigation will be very technical requiring domain expertise. “A technically qualified agency like Cert-In, which has global collaboration with all the major experts of the world will be investigating and will be taking help from all other law enforcement agencies as and when required,” the minister said.

Chandrasekhar said the government is committed and duty-bound to protect the privacy of citizens and takes this responsibility very seriously.

“Apple notifying users about a state-sponsored threat alert smacks of corporate overreach. Either they tell the user who the state sponsor is (name and shame) or just zip up. One can’t bat both ends: play good guy and continue to do business and yet sound holier than thou,” Llyod Mathias, angel investor and former CMO Motorola, said in a post on X.