Apple has sent iPhone hack warnings to the leader of India’s main opposition party, alongside other politicians opposing Narendra Modi’s government. Two high-profile journalists and a researcher have also been notified by Apple that their iPhones appear to have been compromised.
It’s the latest example of Apple fighting back against spyware like Pegasus by identifying signs that an iPhone has been attacked, and proactively notifying victims – and this one puts Apple in a potentially delicate situation …
iPhone spyware
While iPhones are designed with security and privacy in mind, the sheer complexity of the code in A-series chips and iOS means that there are always zero-day vulnerabilities – flaws which are unknown to Apple – waiting to be discovered.
Discovering and exploiting these requires huge resources, with spyware companies paying hackers a million dollars or more for alerting them to new vulnerabilities which can be exploited. The best-known iPhone spyware is NSO’s Pegasus, while Paragon’s Graphite is another example.
The most notable thing about Pegasus and Graphite is that they use zero-click attacks, where you don’t need to fool the user into tapping a link or visiting a website – merely receiving a carefully-crafted iMessage, without interacting with it in any way, is enough to compromise the phone. The spyware then provides the attacker with access to almost everything on it, including messages, emails, photos, contacts, and locations.
Both the US government and Apple have been fighting back. The US banned the import and use of Pegasus, while Apple has for two years proactively alerted those it believes have been targeted.
iPhone hack warning sent to Indian opposition leader
TechCrunch reports that Apple has sent an iPhone hack warning to Rahul Gandhi, the leader of India’s main opposition party. Additional warnings have been sent to others.
Apple has warned over a half dozen Indian lawmakers from Prime Minister Narendra Modi’s main opposition of their iPhones being targets of state-sponsored attacks, these people said Tuesday, in a remarkable turn of events just months before the general elections in the South Asian nation.
Rahul Gandhi, Indian opposition leader, said in a media briefing Tuesday that his team had received the said alert from Apple. Shashi Tharoor, a key figure from the Congress party; Akhilesh Yadav, the head of the Samajwadi Party; Mahua Moitra, a national representative from the All India Trinamool Congress; Priyanka Chaturvedi of Shiv Sena, a party with notable influence in Maharashtra, reported that they too had been notified by Apple regarding a potential security attack on their iPhones.
Others notified include two well-known political journalists.
Puts Apple in a delicate position
The cost and work involved in compromising iPhones in this way means that these attacks are almost exclusively carried out by state actors – that is, governments.
In this case, the obvious suspect is the Indian government, seeking to spy on opposition politicians and others likely to have knowledge about plans for the upcoming election campaign.
As with China, Apple relies on close cooperation with the Indian government to facilitate rapidly-growing iPhone production in the country. CEO Tim Cook has personally met with Indian prime minister Narendra Modi on a number of occasions.
Some of the negotiations involved have been extremely lengthy and complex – especially those around opening Apple Stores in the country – and the Cupertino company would not want to do anything to upset that relationship.
At the same time, it can’t sit back and do nothing when it knows that the Indian government is hacking iPhones.
The company walked a delicate line in describing the attacks as state-sponsored, without identifying a state, and being careful to say that it might be wrong.
“State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behavior to evade detection in the future.”
Photo: Shubham Sharma/Unsplash