The iPhone hacking controversy is a political and technological issue that emerged in India in late October 2023, when several opposition leaders claimed that they received warning messages from Apple Inc. that their iPhones were being targeted by state-sponsored attackers. The opposition accused the ruling Bharatiya Janata Party (BJP) government of trying to spy on them using malicious software or spyware. The government denied the allegations and said that it had asked Apple to join a probe into the matter. Apple said that it had sent out threat notifications to individuals in 150 countries and did not attribute them to any specific state actor.
What are the warning messages and what do they mean?
The warning messages that some iPhone users received from Apple read as follows:
“Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID. This may be an attempt to access sensitive data, communications, or even the camera and microphone on your device. We recommend that you take the following steps to protect yourself and your data:
- Change your Apple ID password and enable two-factor authentication
- Update your device to the latest version of iOS
- Enable lockdown mode on your device
- Avoid opening links or attachments from unknown or suspicious sources
- Contact Apple Support if you have any questions or concerns”
According to Apple, these messages are part of its threat notification system, which aims to alert and aid users who are potentially targeted by state-sponsored attackers. These are attackers who are backed by governments and have access to significant resources and expertise to carry out sophisticated and persistent cyberattacks against specific individuals or groups. Apple says that it uses various threat intelligence signals to identify such attacks, but admits that these signals are often imperfect and incomplete, and that some notifications may be false alarms or that some attacks may not be detected.
Who are the alleged targets and attackers?
Among the Indian politicians who reported receiving the warning messages from Apple are:
- Rahul Gandhi, former president of the Indian National Congress (INC) and leader of the opposition in the Lok Sabha (lower house of parliament)
- Mallikarjun Kharge, current president of the INC and leader of the opposition in the Rajya Sabha (upper house of parliament)
- Shashi Tharoor, INC MP and chairperson of the parliamentary standing committee on information technology
- K C Venugopal, INC general secretary and Rajya Sabha MP
- Priyanka Chaturvedi, Shiv Sena MP and deputy leader of the party
- Sitaram Yechury, general secretary of the Communist Party of India (Marxist) and Rajya Sabha MP
- Mahua Moitra, Trinamool Congress MP and spokesperson of the party
- Asaduddin Owaisi, president of the All India Majlis-e-Ittehadul Muslimeen and Lok Sabha MP
Some journalists, such as Siddharth Varadarajan, founding editor of The Wire, and Nidhi Razdan, former NDTV anchor and Harvard University professor, also said that they received the messages from Apple.
The opposition leaders alleged that the BJP government was behind the hacking attempts, and accused it of violating their privacy and constitutional rights. They also linked the issue to the previous Pegasus spyware scandal, which revealed that hundreds of Indian phone numbers, including those of journalists, activists, opposition politicians, government officials and business people, were among the potential targets of the Israeli-made spyware that can hack into phones and monitor calls, messages and other data. The government has denied any involvement in the Pegasus snooping, but has also refused to order an independent inquiry into the matter.
The government, on the other hand, dismissed the allegations of snooping as baseless and politically motivated, and said that it had asked Apple to share accurate and real information on the alleged state-sponsored attacks. It also pointed out that Apple had sent out the same advisory across 150 countries, and that it did not specify who the attackers could be. It said that it was committed to protecting the privacy and security of all citizens, and that it would investigate the issue thoroughly.
What are the implications and challenges?
The iPhone hacking controversy has raised several questions and concerns about the state of digital privacy and security in India, especially in the context of the growing use of technology and the internet for various purposes, such as communication, education, entertainment, commerce, governance and social activism. It has also highlighted the role and responsibility of tech companies like Apple, which claim to protect the privacy and security of their users, but also have to comply with the laws and regulations of different countries.
Some of the implications and challenges that emerge from the controversy are:
- The potential threat of cyberattacks and espionage by state or non-state actors, which can compromise the personal data, communications and devices of individuals or groups, and expose them to various risks, such as identity theft, blackmail, harassment, manipulation or physical harm.
- The lack of adequate legal and institutional frameworks to regulate and oversee the use of spyware and other forms of surveillance, and to protect the rights and interests of the citizens, especially in the absence of a comprehensive data protection law or an independent privacy commission in India.
- The difficulty of detecting and preventing such attacks, given the complexity and sophistication of the techniques and tools used by the attackers, and the limitations and challenges of the existing threat intelligence and notification systems, which may not be accurate, complete or timely.
- The need for greater awareness and vigilance among the users, and the adoption of best practices and measures to safeguard their devices and data, such as updating the software, changing the passwords, enabling the security features, and avoiding the suspicious links or attachments.
- The role and responsibility of the tech companies, such as Apple, which have to balance the interests and expectations of their users, shareholders, regulators and governments, and to ensure that they are transparent, accountable and cooperative in dealing with such issues, and that they do not compromise the privacy and security of their users for any reason.