Apple Sues NSO Group Over Its Pegasus Spyware

Apple on Tuesday, 23rd of November 2021, sued NSO Group, an Israeli company, and the maker of nation-state spyware named Pegasus, that offers software to government organizations and law enforcement agencies, which in turn allows them to hack iPhones and access their contents, including texts and other communications. Along with intriguing new details about how NSO Group infected specific iPhones using a zero-click attack dubbed ‘ForcedEntry’ by researchers, Apple says it’s “seeking a permanent injunction to prevent NSO Group from utilizing any Apple software, services, or devices in the future.” It is also asking for more than $75,000 in damages.

The case serves as a warning to other spyware companies, according to Apple, “In a free society, it is unacceptable to weaponize strong state-sponsored spyware against innocent people and those who wish to make the world a better place,” Ivan Krstic, Apple’s head of security engineering and architecture, wrote in a tweet.

Apple, in a lawsuit filed in federal court in the Northern District of California, added  that NSO Group software allows “attacks, including from sovereign governments that pay hundreds of millions of dollars to target and attack a tiny fraction of users with information of particular interest to NSO’s customers,” and that it is not “ordinary consumer malware”

Pegasus malware allows government officials to have near-complete access to a target’s mobile device, including personal information, images, texts and can go as far as revealing the user’s specific location. It works by taking advantage of previously unknown flaws in iPhone software. Many individuals targeted, including journalists, activists, and human rights advocates, were sent malicious links in text messages, but Pegasus has recently been able to stealthily hack iPhones without the user’s knowledge.

Apple’s complaint explains how the assault worked: NSO would send information to a target via iMessage (after identifying that they were using an iPhone) that was fraudulently constructed to switch off the iPhone’s logging using the Apple IDs it created. This would allow NSO to install the Pegasus spyware invisibly and control the data acquired on the phone.  “We have not found any evidence of successful remote attacks against devices running iOS 15 and subsequent versions,” Apple states in a press release, citing enhancements to iOS 15 security. Amnesty International stated in July, when the Pegasus Project released its research, that the latest versions of iOS (at the time, iOS 14.6) were vulnerable to assault.

Several authoritarian governments, including Bahrain, Saudi Arabia, Rwanda, the United Arab Emirates, and Mexico, are reported to utilize Pegasus; however, NSO has consistently refused to name or confirm its dozens of customers, citing non-disclosure agreements.

“State-sponsored entities like the NSO Group spend millions of dollars on sophisticated monitoring technology without adequate accountability,” said Craig Federighi, Apple’s senior vice president of software engineering. That must be changed… Apple products are the safest consumer electronics on the market, but private corporations that create state-sponsored spyware have grown even more dangerous.”

According to Apple, the NSO Group fabricated Apple ID accounts and breached the iCloud terms of service to operate its spyware.

NSO Group is suspected of creating spyware with “0day” defects, or holes that Apple has yet to cure. When Apple resolves an attack, it ceases to be a zero-day vulnerability, and consumers can protect themselves by updating their iPhone software.

Amnesty International announced earlier this year that it had discovered evidence of a hacked iPhone 12 and got a leaked list of 50,000 phone numbers targeted by NSO Group spyware. Jamal Khashoggi, a Washington Post contributor who was assassinated in Turkey by killers working for Saudi Arabia is said to have had NSO Group software installed on his family and friends. NSO Group malware was also identified on the iPhones of a French human rights lawyer, a French activist, an Indian journalist, and a Rwandan activist, according to Amnesty International. In the United Kingdom, a High Court ruling last month revealed that the phones of Princess Haya, Dubai’s ex-wife, as well as her legal and security advisers, had been hacked by Pegasus.

Apple is not the only corporation to file a lawsuit against the NSO Group. On October 29, 2019, WhatsApp issued a statement saying that Pegasus, a product of the company, was used to access the phone systems of 1,400 users in 20 countries between April and May 2019. At least 100 of the 1,400 users were human rights campaigners, journalists, and other representatives of civil society from around the world.

WhatsApp, like Apple, sought a permanent injunction to prevent NSO from accessing its computer system and that of its parent firm, Facebook, now known as Meta. They further asked the court to rule that NSO’s alleged data hacking violated the federal Computer Fraud and Abuse Act as well as California Comprehensive Computer Data Access and Fraud Act, that they breached their contracts with WhatsApp, and that they “wrongfully trespassed” on Facebook’s property.

The NSO Group refutes these claims. They claimed that the main purpose of its organisation is to supply technologies to governments and law enforcement organizations to aid in the fight against terrorism and serious crimes.

Enjoyed this post? Never miss out on future posts by following us»