Following a growing list of troubling reports surrounding the Israeli NSO Group in recent years, Apple announced on Tuesday that it filed a lawsuit against the company over its “surveillance and targeting of Apple users.” For years, NSO Group has been selling its Pegasus spyware to governments that use it to monitor journalists, activists, academics, and more. Using Pegasus, authoritarian governments have been able to remotely access data on iPhone and Android devices.
Apple sues NSO Group over Pegasus spyware
In a press release this week, Apple revealed that it would provide new information on NSO Group’s FORCEDENTRY exploit. That exploit took advantage of a vulnerability that allowed bad actors to hack into a victim’s iPhone and install Pegasus. Citizen Lab first discovered the exploit last year. Apple has since patched the vulnerability, but not before Pegasus was used to attack Apple users.
As Apple notes, NSO Group used the resources of entire countries to conduct targeted cyberattacks. They were able to access cameras, microphones, and sensitive data on Apple and Android devices. In order to use FORCEDENTRY, the attackers made Apple IDs to send malicious data to a victim’s iPhone. This allowed whoever was behind the hack to install Pegasus without the victim’s knowledge. Apple says the attackers weren’t able to hack into or compromise its servers.
Apple’s senior vice president of Software Engineering, Craig Federighi, shared this statement:
State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change. Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.
How Apple and others are responding
The company also took the opportunity to talk up security improvements in iOS 15. Apple says that while the Pegasus spyware continues to evolve, it has not seen any signs of successful remote attacks on devices runnings iOS 15 or later. In all likelihood, there aren’t any nation-states looking to hack into your phone’s camera. But it’s yet another reminder to keep your software up to date.
Apple says that it will notify any users that may have been targeted by FORCEDENTRY. Going forward, Apple plans to notify users any time it discovers evidence of a state-sponsored spyware attack.
“At Apple, we are always working to defend our users against even the most complex cyberattacks. The steps we’re taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place,” said Ivan Krstić, head of Apple Security Engineering and Architecture. “Our threat intelligence and engineering teams work around the clock to analyze new threats, rapidly patch vulnerabilities, and develop industry-leading new protections in our software and silicon. Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group.”
Apple’s announcement dropped just weeks after the US government added NSO Group to the Entity List. The government adds companies to the list that pose a risk to national security or foreign policy interests. By targeting journalists and activists, NSO Group clearly qualifies for the list.