The government on Tuesday asked Apple to participate in its investigation and provide accurate information on the alleged state-sponsored attacks, telecom and IT minister Ashwini Vaishnaw said on Tuesday, following disclosures on the microblogging site X, formerly known as Twitter, by several MPs, including Congress national president Mallikarjun Kharge and party’s general secretary organization K.C. Venugopal, Congress leader Shashi Tharoor, Trimalool Congress MP Mahua Moitra, Shiv Sena (UBT) MP Priyanka Chaturvedi and Aam Aadmi Party’s Raghav Chadha, some lawyers and journalists.
“The government is very concerned and will get to the bottom of the issue. An investigation has been ordered into this matter already,” the minister told reporters in Bhopal earlier in the day. “We request everyone who has received the advisory to cooperate with the investigation and make sure that we go to the depth of the matter,” he said, adding that the investigation would involve deep technical domain expertise, which will be provided by Indian Computer Emergency Response Team (CERT-In), that it will also take help of law enforcement agencies as and when required.
He further said CERT-In, India’s agency that coordinates cybersecurity efforts and looks into instances of data breaches, had issued a high-risk advisory for Apple products on 27 October, warning users of multiple vulnerabilities in Apple products that could allow attackers to undertake malicious actions, including accessing sensitive information without authorization. It asked Apple users to update their systems with the latest firmware to prevent hacking or data theft.
Vaishnaw also noted that Apple had issued the alert based on estimates and issued the advisory in 150 countries, which may be based on information which is ‘incomplete or imperfect’ and that some Apple threat notifications may be false alarms or some attacks are not detected. Apple has also claimed that Apple IDs are securely encrypted on devices, making it extremely difficult to access or identify them without the user’s explicit permission. This encryption safeguards the user’s Apple ID and ensures that it remains private and protected, the minister said.
“We are concerned by the statements we have seen in media from some MPs as well as others about a notification received by them from Apple. The notification received by them, as per media reports, mentions ‘state-sponsored attacks’ on their devices. However, much of the information by Apple on this issue seems vague and non-specific in nature,” the minister said in a statement on social media platform X later in the day.
“In light of such information and widespread speculation, we have also asked Apple to join the investigation with real, accurate information on the alleged state-sponsored attacks,” he added.
He, however, pointed to several ‘compulsive critics’ who he said would criticize the government irrespective of the issue and accused them of doing ‘distraction politics.’ Earlier in the day, following the alerts sent by Apple, Congress leader Rahul Gandhi said that the government was indulging in ‘distraction politics’ by deploying agencies to conduct probes and surveillance as and when the Adani issue is touched upon.
Minister of state for electronics and IT, Rajeev Chandrasekhar said on X, that he expected Apple to clarify on several counts, including whether its devices were secure since they have claimed that their products were designed for privacy and why the ‘threat notifications’ were sent to people in over 150 countries.
Meanwhile, Apple said in a statement on Tuesday that it did not attribute the threat notification to any specific state-sponsored attacker.
“State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time. Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms or that some attacks are not detected. We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future,” the company said.
The statement followed warning emails sent by Apple to many of its users informing them of targeted state-sponsored attackers that were trying to remotely compromise the device associated with the user’s Apple ID and that the attackers were targeting the user individually ‘because of who you are or what you do’.
The cautionary email further states that if the device was compromised by a state-sponsored attacker, it may be able to remotely access the user’s sensitive data, communications, camera or microphone. “While it is possible that this is a false alarm, please take this warning seriously,” as per the text of the email seen by Mint.
“Exciting news! Mint is now on WhatsApp Channels 🚀 Subscribe today by clicking the link and stay updated with the latest financial insights!” Click here!
Download The Mint News App to get Daily Market Updates.
Updated: 31 Oct 2023, 11:51 PM IST