
Apple sues NSO Group for abusing state-sponsored Pegasus spyware

Apple has filed suit to ban the Israeli surveillance firm NSO Group and parent company Q Cyber Technologies from using its products and services.

Apple has sued NSO Group and its parent company Q Cyber Technologies in a U.S. federal court for illegally targeting its customers with the surveillance spyware Pegasus.

According to the lawsuit, NSO Group is accountable for hacking into Apple’s iOS-based devices using zero-click exploits. The software developed by the surveillance firm was used to spy on activists, journalists, researchers, and government officials.

Apple also announced a contribution of $10 million to support academic research into unmasking illegal surveillance activities.

“Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users. The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.” reads the announcement published by Apple.

The legal action aims at permanently preventing the infamous company from breaking into any Apple software, services, or devices.

Apple also plans to notify and assist users targeted by state-sponsored attacks. The IT giant will display a “Threat Notification” when users targeted by nation-state actors sign in to appleid.apple[.]com. The company will also send an email and iMessage notification to the email addresses and phone numbers associated with the users’ Apple IDs.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering. “Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”

The complaint includes details about the NSO Group’s FORCEDENTRY exploit that was used to target multiple users and drop the latest version of NSO Group’s Pegasus.

Threat actors leveraged two zero-click iMessage exploits, known respectively as the 2020 KISMET exploit and FORCEDENTRY, to infect iPhones with spyware.

The latter exploit was discovered by Citizen Lab researchers; it is able to bypass the “BlastDoor” sandbox introduced early this year in iOS to block iMessage zero-click exp

“On information and belief, after obtaining Apple IDs, Defendants executed the FORCEDENTRY exploit first by using their computers to contact Apple servers in the United States and abroad to identify other Apple devices. Defendants contacted Apple servers using their Apple IDs to confirm that the target was using an Apple device. Defendants would then send abusive data created by Defendants through Apple servers in the United States and abroad for purposes of this attack.” reads the complaint. “The abusive data was sent to the target phone through Apple’s iMessage service, disabling logging on a targeted Apple device so that Defendants could surreptitiously deliver the Pegasus payload via a larger file. That larger file would be temporarily stored in an encrypted form unreadable to Apple on one of Apple’s iCloud servers in the United States or abroad for delivery to the target”

Earlier this month, the U.S. sanctioned four companies, including NSO Group, for the development of surveillance malware or the sale of hacking tools used by nation-state actors. NSO Group and Candiru are being sanctioned for the development and sale of surveillance software used to spy on journalists and activists.


Pierluigi Paganini

(SecurityAffairs – hacking, Pegasus)
