Likhita Banerji, Amnesty International’s Researcher and Advisor on Technology and Human Rights, responded to reports of Apple sending a new round of threat notifications globally, including to Indian opposition leaders and journalists, noting that their iPhones may have been targeted by “state-sponsored attackers”:
“This most recent round of Apple threat notifications confirms that state-actors around the world continue to target human rights defenders, journalists, and politicians with highly intrusive surveillance. A shameful lack of accountability and transparency has contributed to an atmosphere of impunity, resulting in what appears to be yet another surveillance scandal, despite repeated controversies and revelations.
Apple threat notifications confirm that the abuse of highly invasive spyware by state-actors around the world continues unabated
“In India, civil society organizations, journalists, and activists have historically been subject to unlawful and unfettered surveillance. Spyware technology has been used to clamp down on human rights and impede freedom of assembly and expression. In this climate, the multiple reports of prominent journalists and opposition leaders receiving Apple notifications in the months preceding state and national general elections are especially concerning. Unlawful surveillance cannot be allowed to persist.
“Amnesty International reiterates its demand that all governments immediately prohibit the use of highly intrusive spyware that cannot be independently audited or its functionality limited. Relevant independent authorities must promptly and objectively investigate the Apple security notifications. The exploitation of spyware technology must end.”
On 31 October 2023, Apple sent threat notifications to at-risk individuals in multiple countries, including India, warning them that “state-sponsored attackers” were targeting their Apple devices and accounts. Since November 2021, Apple has sent multiple rounds of such threat notifications. In previous instances, subsequent forensic investigations have confirmed that many individuals notified by Apple have indeed been targeted and infected by spyware such as Pegasus.
Amnesty International and Citizen Lab disclosed in 2020 how human rights defenders were the target of a coordinated malware operation employing commercially available malware.
Amnesty International disclosed in 2021, as part of the Pegasus project, that civil society and journalists in India were targeted and infected by NSO Group’s Pegasus spyware. Following the Pegasus Project revelations, the Supreme Court of India established a technical committee to investigate software abuses.
The committee concluded their investigation in 2022, but the court has not released the report’s findings. The court also noted that the Indian authorities “did not cooperate” with the investigations of the technical committee.
Amnesty International’s Security Lab will continue to monitor and support civil society organizations around the world that have received the latest Apple security notifications. Contact us for digital forensics assistance if you are a human rights defender, activist, or journalist who has received such an alert.