Apple has recently sent out a new wave of threat notifications to users globally, including Indian opposition leaders and journalists. These notifications indicate that their iPhones may have been targeted by “state-sponsored attackers”. Amnesty International has expressed grave concerns over the continuous abuse of invasive spyware by state actors, targeting human rights defenders, journalists, and politicians.
Likhita Banerji, Amnesty International’s Researcher and Advisor on technology and human rights, commented on the issue. She said, “This latest round of Apple threat notifications confirm that the abuse of highly invasive spyware by state-actors around the world continues unabated, targeting human rights defenders, journalists, and politicians. Despite repeated scandals and revelations, a shameful lack of accountability and transparency has contributed to an atmosphere of impunity, leading to what appears to be yet another surveillance scandal.”
Banerji further elaborated on the situation in India, stating, “In India, civil society organizations, journalists, and activists have previously faced unchecked and unlawful surveillance. Spyware technology has been used to clamp down on human rights and stifle freedom of assembly and expression. In this atmosphere, the multiple reports of prominent journalists and opposition leaders receiving the Apple notifications are particularly concerning in the months leading up to state and national general elections. Unlawful surveillance cannot be allowed to continue.”
Amnesty International has reiterated its call for an immediate ban on the use of highly invasive spyware that cannot be independently audited or limited in its functionality. The organization also urged for a prompt and impartial investigation into the Apple security notifications by relevant independent authorities.
Background and Previous Incidents
On 31 October 2023, Apple sent threat notifications to at-risk individuals in multiple countries, including India. These notifications warned users that their Apple devices and accounts were targeted by “state-sponsored attackers.” Apple has been sending such threat notifications since November 2021. Subsequent forensic investigations have confirmed that many individuals notified by Apple have indeed been targeted and infected by spyware such as Pegasus.
In 2020, Amnesty International and Citizen Lab revealed how human rights defenders were targeted in a coordinated malware operation using commercial off-the-shelf malware. In 2021, as part of the Pegasus project, Amnesty International unveiled how civil society and journalists in India were targeted and infected using NSO Group’s Pegasus spyware. Following these revelations, the Supreme Court of India set up a technical committee to investigate abuses involving the software, according to the Guardian.
In 2022, the committee concluded their investigation, but the court has not made the findings of the report public. The court further noted that the Indian authorities “did not cooperate” with the technical committee’s investigations.