What are Apple threat notifications on iPhones and how the company reacted to the row in India

In an incident yesterday, October 31, that rocked the Indian political establishment, at least nine political leaders from opposition parties received a shocking alert on their iPhones warning them of "state-sponsored attackers trying to remotely compromise” their device. It raised an alarm among leaders as they posted screenshots of the alerts on their X accounts, seeking clarification for the same. The government also raised a query with the iPhone maker to share more details about the alerts and to work closely as an investigation is conducted.

The leaders who received the alert include Congress leaders Shashi Tharoor, Pawan Khera and Supriya Shrinate, the Samajwadi Party's Akhilesh Yadav, the Shiv Sena's Priyanka Chaturvedi, the CPI(M)'s Sitaram Yechury, the Trinamool Congress's Mahua Moitra, the Aam Aadmi Party's Raghav Chadha, and the All India Majlis-E-Ittehadul Muslimeen's Asaduddin Owaisi.

Within hours of the incident, Union Minister Ashwini Vaishnaw addressed a press conference where he said that a probe by Cert-In would be conducted and Apple was asked to provide "real, accurate information on the alleged state-sponsored attacks”. He also added, highlighting there was no need to panic, “You must have all seen the advisory issued by Apple. This is a vague advisory. It is based on certain estimations that they have done. Apple has already clarified that their encryption system is of highest possible order. They have also clarified and issued a statement saying that this kind of advisory has been issued in 150 countries”.

What are Apple threat notifications?

According to the company, “Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers. These users are individually targeted because of who they are or what they do. Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent”.

Apple also highlights that carrying such attacks is a highly complex job, costs millions of dollars to develop, and often has a short shelf life.

Apple reacts to the row in India

Amid the commotion, Apple issued a statement on the issue. It said, “Apple does not attribute the threat notification to any specific state-sponsored attacker”. It also said that the attackers were very well-funded and sophisticated and that their attacks evolved over time.

It added, “Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It's possible that some Apple threat notifications may be false alarms, or that some attacks are not detected”.

At the same time, the tech giant refused to reveal the reason the alerts were sent out. "We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behavior to evade detection in the future”.

It should also be noted that the same alert was sent to high-profile accounts in over 150 countries yesterday.