A Union government agency has begun an investigation into security alerts sent by technology company Apple to several Indian Opposition leaders and journalists, a senior official said, according to PTI.
The Indian Computer Emergency Response Team, or CERT-In, has launched the investigation, Electronics and Information Technology Secretary S Krishnan said. “They [Apple] will cooperate in this probe,” he said.
CERT-In is a nodal agency under the Union Ministry of Electronics and Information tasked with responding to computer security incidents.
On Tuesday, Opposition leaders including the Congress’ Shashi Tharoor, TS Singhdeo, Revanth Reddy, Pawan Khera and Supriya Shrinate, Aam Aadmi Party’s Raghav Chadha and Samajwadi Party’s Akhilesh Yadav had received messages from the firm saying that “state-sponsored attackers” were trying to compromise their devices. Besides the Opposition leaders, at least five journalists had also received the message.
On Wednesday, several MPs who are part of the Standing Committee on Communications and Information Technology sought a meeting of the panel to discuss the matter, The Indian Express reported.
Communist Party of India (Marxist) MP John Brittas said he has written to the committee’s chairperson, the Shiv Sena’s Prataprao Jadhav, seeking a meeting. The Congress’ Karti Chidambaram said that he too would write to the panel chief.
“If there is a data breach, it is a matter of concern,” the Congress leader said. “The committee must take cognisance of it and seek answers. Why did the alerts go? What were the inputs that generated such alerts? Why only certain MPs got the alert and not everybody? The company should explain, the ministry should provide answers.”
However, Bharatiya Janata Party MP Nishikant Dubey, who is also a member of the standing committee, said that its meetings do not discuss day-to-day issues, reported The Indian Express. “This is not a [Congress MP] Rahul Gandhi committee,” Dubey said. “This is a parliamentary committee which is run by rules of Parliament.”
Apple security alert
In its alert to several Opposition MPs, Apple had warned that “if your device is compromised by a state-sponsored attacker, they may be able to remotely access your sensitive data, communications, or even the camera and microphone”. The notification added, “While it’s possible this is a false alarm, please take this warning seriously.”
On its website, Apple says: “Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent. State-sponsored attacks are highly complex, cost millions of dollars to develop and often have a short shelf life.”
However, in a subsequent clarification, the company said that it does not attribute the threat notifications to any specific state-sponsored attacker, The Hindu reported. An Apple spokesperson said the company is not specifically saying that the Indian government was responsible for these attacks, but added that it does not rule out the possibility.
“State-sponsored attackers are very well-funded and sophisticated, and their attacks evolve over time,” Apple said. “Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It’s possible that some Apple threat notifications may be false alarms, or that some attacks are not detected.”
The American technology company said that it is unable to provide information about what causes them to issue threat notifications since that may help state-sponsored attackers adapt their behaviour to evade detection in the future.
Limited-time offer: Big stories, small price. Keep independent media alive. Become a Scroll member today!
Our journalism is for everyone. But you can get special privileges by buying an annual Scroll Membership. Sign up today!