Apple Sues Spyware-maker NSO Group, Notifies iOS Exploit Targets

Apple has filed a lawsuit against Pegasus spyware-maker NSO Group and its parent company for the targeting and spying of Apple users with surveillance tech.

The company says the state-sponsored attacks that used NSO’s spyware only targeted “a very small number” of individuals, across multiple platforms, including iOS and Android.

The exploits used to deploy NSO Group’s Pegasus spyware were used to hack and compromise the devices of high-profile targets such as government officials, diplomats, activists, dissidents, academics, and journalists worldwide.

For instance, NSO’s FORCEDENTRY exploit was used by state-backed attackers to break into Apple devices to install the latest version of Pegasus spyware, as revealed by the Citizen Lab in August.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering.

Also Read: Top 3 Common Data Protection Mistakes, Revealed

“At Apple, we are always working to defend our users against even the most complex cyberattacks,” added Ivan Krstić, head of Apple Security Engineering and Architecture.

“The steps we’re taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place.”

Defendants are notorious hackers—amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse. They design, develop, sell, deliver, deploy, operate, and maintain offensive and destructive malware and spyware products and services that have been used to target, attack, and harm Apple users, Apple products, and Apple. For their own commercial gain, they enable their customers to abuse those products and services to target individuals including government officials, journalists, businesspeople, activists, academics, and even U.S. citizens. — Apple’s complaint

Apple will also notify all future targets

“To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices,” Apple added.

Apple also said it’s notifying all the users it discovered to have been targeted by attackers using the FORCEDENTRY exploit.

The company added that it will alert other users who will be targeted in state-sponsored spyware attacks in the future, “in accordance with industry best practices.”

Apple will also contribute $10 million to organizations involved in cyber-surveillance research and advocacy, as well as any damages from this lawsuit.

Two years ago, Facebook also sued NSO Group for creating and selling a WhatsApp zero-day exploit used to infect devices belonging to high-profile targets, including government officials, diplomats, and journalists.

Also Read: The Financial Cost of Ransomware Attack

Key detail from the @Apple v NSO lawsuit: the spyware company doesn't just hack *phone handsets*

Their core biz & exploitation activity includes constant flagrant abuse of services & clouds.

Like Apple's iCloud servers.

Side effect: makes Apple's lawsuit a lot stronger. pic.twitter.com/eZvYz4T3oi

— John Scott-Railton (@jsrailton) November 23, 2021

NSO Group spyware used in high-profile attacks

The FORCEDENTRY attacks Apple sued the spyware company for today are part of a long string of reports documenting NSO Group’s Pegasus spyware being used to spy on journalists and human rights defenders (HRDs) around the world.

Pegasus, NSO Group’s spyware tool, is marketed by the company as surveillance software “licensed to legitimate government agencies for the sole purpose of investigating crime and terror.”

Citizen Lab revealed in 2018 they discovered some Pegasus licensees using the spyware for cross-border surveillance in countries with state security services with a history of abusive behavior.

Amnesty International and non-profit project Forbidden Stories also said in a separate July report that NSO Group’s spying tools were deployed on iPhones running Apple’s latest iOS release with the help of zero-click iMessage exploits targeting multiple iOS zero-days.

“While NSO Group spyware continues to evolve, Apple has not observed any evidence of successful remote attacks against devices running iOS 15 and later versions,” Apple said today.

“Apple urges all users to update their iPhone and always use the latest software.”