A Thai rapper vowed not to be silenced on Thursday after he and at least five other government critics received messages from Apple warning that state-sponsored hackers could be targeting their phones.
The US tech giant warned the Thai activists that, if successful, the hackers could remotely access their data and even the camera and microphone on their iPhones.
The warnings came as Apple sued NSO Group, the Israeli spyware maker at the centre of the Pegasus surveillance scandal, seeking to block it from targeting iPhones.
Dechathorn “Hockhacker” Bamrungmuang, from the Rap Against Dictatorship group, posted a screen grab of the message to his Facebook page late Wednesday.
“Apple believes you are being targeted by state sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID,” the message warned.
“These attackers are likely targeting you individually because of who you are or what you do.”
Dechathorn, who has previously been arrested for sedition but was later released, said he was “appalled” by the hacking attempt.
“We (Rap Against Dictatorship) will probably write a song about this,” Dechathorn told AFP.
“I think the state won’t stop at this.”
Rap Against Dictatorship took a high-profile role in the youth-led protests that shook Bangkok last year, demanding the resignation of Prime Minister Prayut Chan-O-Cha, who came to power in a 2014 coup.
Asked about the messages from Apple, Anucha Burapachaisri, deputy secretary-general to the prime minister, said: “If it is authentic, the Digital Economy and Society Ministry will look into this.”
Writer Sarinee Achavanuntakul, Thammasat University political scientist Prajak Kongkirati, film-maker Elia Fofi, and Yingcheep Atchanont, who works for a human rights law firm, all shared the same warnings on their social media pages.
The sixth target was believed to be a human rights lawyer, while local media reported that a further two activists and academics had been affected.
– ‘No click’ hack fears –
Sarinee wrote that it was terrifying the hack had exploited a system vulnerability to embed “spyware into the iPhone itself without the owner’s knowledge”.
The warnings posted by the activists looked genuine, but AFP has contacted Apple to try and confirm this.
It was not immediately clear whether the Thai warnings were linked to the Pegasus scandal, but on Tuesday Apple said it was notifying users it believed had been targeted.
The Pegasus spyware essentially turns smartphones into pocket spying devices, allowing the hacker to see the target’s messages and photos, track their location and turn on their camera without them knowing.
Fresh concerns were raised in September when Apple released a fix for a weakness allowing NSO’s spyware to infect devices without users clicking on a malicious message or link.
The so-called “zero-click” attack can silently corrupt the targeted device and was identified by researchers at Citizen Lab, a cybersecurity watchdog organisation in Canada.
Human rights groups have long criticised the Thai government for silencing, harassing and arresting critics.