On Tuesday Apple announced it had filed a lawsuit against NSO Group and its parent company. The goal is to hold it accountable for creating and selling Pegasus spyware to governments.
Apple v NSO Group
Apple seeks a permanent injunction to stop NSO Group from using any Apple software, hardware, and services. The lawsuit also seeks redress for NSO Group’s flagrant violations of US federal and state law.
Pegasus makes use of vulnerabilities found in iPhones to target journalists, activists, dissidents, academics, and government officials. Craig Federighi, Apple’s senior vice president of Software Engineering:
State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change. Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.
FORCEDENTRY
The lawsuit also gives information on NSO Group’s FORCEDENTRY exploit. The now-patched flaw was used to install the Pegasus spyware on victims’ devices. It was originally identified by the Citizen Lab, a research group at the University of Toronto.
To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge. Though misused to deliver FORCEDENTRY, Apple servers were not hacked or compromised in the attacks.
Apple will also support the accomplished researchers at the Citizen Lab with pro-bono technical, threat intelligence, and engineering assistance to aid their independent research mission, and where appropriate, will offer the same assistance to other organizations doing critical work in this space.
The company is notifying the small number of users that it discovered may have been targeted by FORCEDENTRY. Any time Apple discovers activity consistent with a state-sponsored spyware attack, it will notify the affected users in accordance with industry best practices.
Andrew:
I wondered whether or not Apple’s response to NSO Group (and any others) was going to be public or behind the scenes.
This is emphatically public, but necessary in order to engage a collective discussion, consultation and decisions on this element of cybersecurity; the interplay between state-sponsored and private use of state resources, and when to consider deployment of such craft by any actor, governmental or non-governmental, against citizens of multiple countries an act of hostility necessitating a response beyond that of industry alone.
Good stuff.