Apple has once again alerted certain users of the iPhone in India about a potential spyware attack targeting their devices. This notification marks the second time the company has issued such a warning to users in India and across 98 other countries.
According to media reports, in its latest notification, the iPhone-maker warned users about the dangers of mercenary spyware attacks, which it described as exceptionally rare and sophisticated. According to Apple, such attacks are vastly more advanced than regular cybercriminal activity or consumer malware. They often involve significant financial investment, with costs running into millions of dollars, and are individually targeted at a very small number of people. Despite their rarity, these attacks are ongoing and have a global reach, posing a significant risk to user privacy and security.
Mercenary spyware has been a concern that Apple has been addressing since 2021. Spyware like the notorious Pegasus software developed by the Israeli NSO Group are known to be capable of gaining remote control over personal devices. This includes accessing messages, photos, and even activating the microphone and camera in real-time, thereby allowing attackers to conduct extensive surveillance on their targets. The sophistication and targeted nature of these attacks make them particularly concerning.
Among the recipients of the latest alerts were Iltija Mufti, political adviser and daughter of former Jammu and Kashmir Chief Minister Mehbooba Mufti, and Pushparaj Deshpande, founder of the Samruddha Bharat Foundation. Both individuals have expressed their intentions to have their devices forensically examined to determine the extent of the spyware’s impact. They have also raised concerns about the potential involvement of the Indian government in these attacks, although no concrete evidence has been presented to support these claims.
Since 2021, Apple has been proactive in notifying users about potential cyber threats, sending notifications to users in over 150 countries. This reflects Apple’s ongoing commitment to safeguarding user privacy and enhancing security measures. The company has also been engaged in discussions with various governments, including India’s Ministry of Electronics and Information Technology (MeitY), to address these threats. However, as of the time of publication, neither Apple nor MeitY has provided comments on the latest round of notifications.
The Pegasus spyware has been at the center of numerous high-profile investigations, revealing extensive surveillance operations conducted by various state actors. A 2021 investigation by the Forbidden Stories collective uncovered widespread targeting of civil society organizations, opposition politicians, and journalists worldwide. Despite the revelations, the Indian government has neither confirmed nor denied the use of Pegasus spyware. In April 2023, the Indian Computer Emergency Response Team (Cert-In) flagged multiple vulnerabilities in Apple’s operating system for the iPhone and the iPad. The agency highlighted that flaws in the Safari web browser versions before 17.4.1 and iOS versions before 17.4.1 could allow attackers to execute arbitrary code on targeted devices.
