Apple sues NSO Group for abusing state-sponsored Pegasus spyware

Pierluigi Paganini November 24, 2021

Apple has filed suit to ban the Israeli surveillance firm NSO Group and parent company Q Cyber Technologies from using its product and services.

Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court for illegally targeting its customers with the surveillance spyware Pegasus.

According to the lawsuit, NSO Group is accountable for hacking into Apple’s iOS-based devices using zero-click exploits. The software developed by the surveillance firm was used to spy on activists, journalists, researchers, and government officials.

Apple also announced it would support with a contribution of $10 million to the academic research in unmasking the illegal surveillance activities

“Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.” reads the announcement published by Apple.

The legal action aims at permanently preventing the infamous company from breaking into any Apple software, services, or devices.

Apple also plans to notify and assist users of state-sponsored attacks. The IT giant will display a “Threat Notification” in case the users will be targeted by nation-state actors, the messages will be displayed when the users sign into[.]com, the company will also send an email and iMessage notification to the email addresses and phone numbers associated with the users’ Apple IDs.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”

The complaint includes details about the NSO Group’s FORCEDENTRY exploit that was used to target multiple users and drop the latest version of NSO Group’s Pegasus.

Threat actors leveraged two zero-click iMessage exploits to infect the iPhones with spyware, respectively known as 2020 KISMET exploit and FORCEDENTRY.

The latter exploit was discovered by Citizen Lab researchers, it is able to bypass the “BlastDoor” sandbox introduced early this year in iOS to block iMessage zero-click exp

“On information and belief, after obtaining Apple IDs, Defendants executed the FORCEDENTRY exploit first by using their computers to contact Apple servers in the United States and abroad to identify other Apple devices. Defendants contacted Apple servers using their Apple IDs to confirm that the target was using an Apple device. Defendants would then send abusive data created by Defendants through Apple servers in the United States and abroad for purposes of this attack.” reads the complaint. “The abusive data was sent to the target phone through Apple’s iMessage service, disabling logging on a targeted Apple device so that Defendants could surreptitiously deliver the Pegasus payload via a larger file. That larger file would be temporarily stored in an encrypted form unreadable to Apple on one of Apple’s iCloud servers in the United States or abroad for delivery to the target”

Early this month, the U.S. sanctioned four companies for the development of surveillance malware or the sale of hacking tools used by nation-state actors, including NSO Group. NSO Group and Candiru are being sanctioned for the development and sale of surveillance software used to spy on journalists and activists. 

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Pegasus)

[adrotate banner=”5″]

[adrotate banner=”13″]

you might also like

leave a comment