Apple v NSO Group
Apple seeks a permanent injunction to stop NSO Group from using any Apple software, hardware, and services. The lawsuit also seeks redress for NSO Group’s flagrant violations of US federal and state law.
Pegasus makes use of vulnerabilities found in iPhones to target journalists, activists, dissidents, academics, and government officials. Craig Federighi, Apple’s senior vice president of Software Engineering:
State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change. Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.
The lawsuit also gives information on NSO Group’s FORCEDENTRY exploit. The now-patched flaw was used to install the Pegasus spyware on victims’ devices. It was originally identified by the Citizen Lab, a research group at the University of Toronto.
To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge. Though misused to deliver FORCEDENTRY, Apple servers were not hacked or compromised in the attacks.
Apple will also support the accomplished researchers at the Citizen Lab with pro-bono technical, threat intelligence, and engineering assistance to aid their independent research mission, and where appropriate, will offer the same assistance to other organizations doing critical work in this space.
The company is notifying the small number of users that it discovered may have been targeted by FORCEDENTRY. Any time Apple discovers activity consistent with a state-sponsored spyware attack, it will notify the affected users in accordance with industry best practices.