IFF wrote to CERT-IN on Apple threat notification

Recently, Apple warned several users of targeted state-sponsored attacks on their iPhones, sparking speculations about device hacking and surveillance. We write to CERT-In (which is on its toes!) with key considerations as it begins its probe.

On Oct 30, Apple sent an eerie notification to opposition leaders, journalists, and researchers in India. The message hinted at government interference with their mobile devices: “State-sponsored attackers may be targeting your iPhone.”

Apple’s threat notification system detects state-sponsored attacks through the threat intelligence signals it receives. The system is not foolproof, with the complexity of such attacks leading to potential false positives or negatives.

This received a lukewarm response from Union Minister Ashwini Vaishnaw, who dismissed it as a “vague advisory,” and claimed that similar advisories have been issued in 150 countries, intending to dilute the gravity of the matter.

As the investigation begins, we write to CERT-In requesting:
:one: A holistic investigation to be undertaken, incl. testimonies from parties, and examining the state’s intent, process, and legal safeguards.
:two: Remember Pegasus? In 2021, 300 Indian numbers, including ministers and activists, were in the crosshairs. The Union Government’s response was insufficient, but now it must exercise caution.

No statutory surveillance powers under the Telegraph Act & IT Act allow spyware installation. We urge CERT-In to conduct a thorough investigation as targeted attacks, like manipulating devices without consent, violate privacy.

Read more here-