Apple just issued iPhone hack warnings to more than a half-dozen people in India. They happen to be lawmakers from Prime Minister Narendra Modi’s main opposition. The state-sponsored attacks occurred several months ahead of India’s upcoming general elections. Some journalists have also been among the targets.
The warnings sound a lot like what Apple did when dealing with the dangerous Pegasus spyware that could infect an iPhone via a message — even without the user interacting with it.
It’s unclear who is behind this new spying attempt, but Apple referred to the threat in its statement as a state-sponsored attack. Also, it’s unclear what spyware program the nation-state actor is using. Or whether it’s exploiting any newly found security issues that Apple has yet to patch.
Are iPhone users at risk?
“State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time,” Apple told TechCrunch in a statement.
The statement continued, “Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behavior to evade detection in the future.”
Only specific targets are at risk of being spied upon, not regular iPhone users. TechCrunch listed some of the targets of the attack:
- Rahul Gandhi, Indian opposition leader;
- Shashi Tharoor, a key figure from the Congress party;
- Akhilesh Yadav, the head of the Samajwadi Party;
- Mahua Moitra, a national representative from the All India Trinamool Congress;
- Priyanka Chaturvedi of Shiv Sena, a party with notable influence in Maharashtra;
- Asaduddin Owaisi, the leader of the All-India Majlis-e-Ittehadul Muslimeen (AIMIM);
- Raghav Chadha from AAP;
- Sitaram Yechury, the General Secretary of the Communist Party of India;
- Pawan Khera, congress spokesperson;
- Journalists Siddharth Varadarajan and Sriram Karri;
- Observer Research Foundation (ORF) India President Samir Saran
Some of them posted screenshots on social media of Apple’s threat notifications, as seen above and below.
What attack is being used?
The report notes that the Indian government has been accused of deploying Pegasus spyware against activists and opposition leaders. India never acknowledged contracts with the NSO Group, but Pegasus has been found on the iPhones of targets.
Moreover, the Indian government has been seeking new spyware contracts, per a March Financial Times report.
Apple did not connect the attack to the Indian government. The iPhone maker is also in a delicate position. On the one hand, it wants to be transparent about such attacks going on in the wild. On the other hand, it’s looking to expand its position in India, both when it comes to iPhone manufacturing and retail stores.
India’s IT Minister Ashwini Vaishnaw said the government is concerned with the revelations. It’s conducting an investigation, he said, while downplaying the allegations. He categorized Apple’s notifications as “vague” and “estimations.”
Pegasus deja-vu
The Pegasus spyware attack used against iPhones belonging to politicians, journalists, and other high-prized targets was one of the biggest security issues Apple had to face. The attack relied on a 0-day exploit to install malicious code on iPhone via iMessage without requiring user interaction.
Thankfully, the attack wasn’t used at scale against regular iPhone users. Developed by NSO Group, Pegasus usually had nation-state customers, especially totalitarian regimes looking to stifle opposition and dissent.
Apple dealt with the issue at the time, which included informing potential targets about detected attacks. The last time we talked about Pegasus warnings from Apple was in late November 2021.
But TechCrunch points out that Apple has alerted individuals in nearly 150 countries since enabling notifications for this sort of hack. It’s unclear what other programs might have caused Apple to issue similar notifications.
What to do if you’re a target
Since Pegasus, Apple has also built protections in iOS that would allow users to reduce their exposure to malicious apps that would spy on them.
Apple built into iOS 16 a Lockdown Mode feature so iPhone users can do something in case they might be attacked. Users who received similar alerts should enable it to reduce the risks of the handset running malicious code.
Lockdown mode can be enabled in the Privacy section of the Settings app. It will impact your regular iPhone experience by removing some features. You can find out more details about it at this link.
