MY KOLKATA EDUGRAPH
ADVERTISEMENT
regular-article-logo Sunday, 03 November 2024

Government’s cybersecurity agency CERT-In starts probe into issue of Apple threat notification

Indian Computer Emergency Response Team is the national nodal agency for responding to computer security incidents as and when they occur

Our Special Correspondent New Delhi Published 03.11.23, 10:00 AM

The government's cyber-security agency CERT-In has sent a notice to Apple and has started the probe following state-sponsored hacking alert received by several opposition MPs in their iPhones, IT Secretary S Krishnan said.

Krishnan today confirmed that notice has been sent to Apple. "CERT-In has started its probe... they (Apple) will cooperate in this probe," Krishnan told reporters on the sidelines of an event related to the Meity-NSF research collaboration.

ADVERTISEMENT

Indian Computer Emergency Response Team or CERT-In is the national nodal agency for responding to computer security incidents as and when they occur.

Asked if notices had been sent to Apple, the IT Secretary answered in the affirmative.

Sources said the government has sought more information from Apple, including the location from where the hack was attempted, the time at which the hack was tried, IP addresses, and whether the attacker was able to hack into the devices, or not.

Data showed that CERT-IN had detected and flagged 28 cases of vulnerabilities in the company’s products between January and October this year.

Sources said that notices with regard to these vulnerabilities were sent to Apple, requiring action on its part. The vulnerabilities flagged by CERT-IN related to multiple Apple products such as Apple iOS, iPadOS, Apple iTunes, Apple macOS, Apple Safari, Apple tvOS, watchOS, etc.

“Multiple vulnerabilities are found in Apple products, which could allow an attacker to execute arbitrary code, bypass security restrictions, gain access to sensitive information, data manipulation,” read the advisories issued by CERT-IN.

To protect personal data and security breaches, the agency strongly recommended that users to install the latest updates for iOS, macOS, tvOS, watchOS, and Safari.

It was not that such vulnerabilities were detected only in Apple products. Overall, around 300 such cases were detected by the agency during the period, involving other manufacturers and their products.

The Minister of State for Electronics and IT Rajeev Chandrasekhar had earlier this week said that the government wants Apple to clarify if its devices are secure and why 'threat notifications' were sent to people in over 150 countries, given the company's repeated claims about its products being designed for privacy.

The government will investigate the threat notifications and also Apple's claims of being secure and privacy-compliant devices, Chandrasekhar had penned in a post on X (formerly Twitter) on Tuesday, after several opposition leaders claimed 'state-sponsored' attack notification were sent to them from Apple and the government ordered a probe.

IT Minister Ashwini Vaishnaw has categorically rejected the opposition's attack on the government, saying "compulsive critics" were indulging in the politics of "distraction", as they could not tolerate the country's progress under the PM's Narendra Modi leadership.

Several opposition leaders on Tuesday claimed they have received an alert from Apple warning them of "state-sponsored attackers trying to remotely compromise" their iPhones and alleged hacking by the government.

Those who received such notifications included Congress chief Mallikarjun Kharge, party leaders Shashi Tharoor, Pawan Khera, K C Venugopal, Supriya Shrinate, T S Singhdeo and Bhupinder S Hooda; Trinamool Congress MP Mahua Moitra, CPI(M) general secretary Sitaram Yechury and SP chief Akhilesh Yadav.

Shiv Sena (UBT) MP Priyanka Chaturvedi, Aam Aadmi Party's Raghav Chadha, AIMIM president Asaduddin Owaisi and some aides of Congress MP Rahul Gandhi also received the notification.

Yechury and Chaturvedi wrote to Prime Minister Narendra Modi, while Moitra shot off a missive to Lok Sabha Speaker Om Birla, raising concerns over the issue and demanding action.

iPhone-maker Apple Inc in a statement earlier had reacted to the claims of Opposition leaders, saying it is possible that some threat notifications may be false alarms and some attacks may not be detected. It, however, refused to say what triggered warnings received by opposition leaders.

"Apple does not attribute the threat notifications to any specific state-sponsored attacker," the firm had said in a statement on October 31.

State-sponsored attackers, it had said, are "very well-funded and sophisticated, and their attacks evolve over time".

"Detecting such attacks relies on threat intelligence signals that are often imperfect and incomplete. It's possible that some Apple threat notifications may be false alarms, or that some attacks are not detected," it said.

Apple had further said: "We are unable to provide information about what causes us to issue threat notifications, as that may help state-sponsored attackers adapt their behaviour to evade detection in the future,"

The Cupertino, California-headquartered company had sent the threat notifications to individuals in nearly 150 countries.

Follow us on:
ADVERTISEMENT
ADVERTISEMENT