Apple sues NSO Group to curb the abuse of state-sponsored spyware

Apple also announced a $10 million contribution to support cyber surveillance researchers and advocates

Apple today filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users.

The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.

NSO Group creates sophisticated, state-sponsored surveillance technology that allows its highly targeted spyware to surveil its victims.

These attacks are only aimed at a very small number of users, and they impact people across multiple platforms, including iOS and Android.

Researchers and journalists have publicly documented the history of this spyware being abused to target journalists, activists, dissidents, academics, and government officials.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability.

That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering.

“Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous.

While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”

NSO Group’s FORCED ENTRY Exploit.

Apple’s legal complaint provides new information on NSO Group’s FORCED ENTRY, an exploit for a now-patched vulnerability previously used to break into a victim’s Apple device and install the latest version of NSO Group’s spyware product, Pegasus.

The exploit was originally identified by the Citizen Lab, a research group at the University of Toronto.

Check Apple vs NSO Complaint.

The spyware was used to attack a small number of Apple users worldwide with dangerous malware and spyware. Apple’s lawsuit seeks to ban NSO Group from further harming individuals by using Apple’s products and services. The lawsuit also seeks redress for NSO Group’s flagrant violations of US federal and state law, arising out of its efforts to target and attack Apple and its users.

NSO Group and its clients devote the immense resources and capabilities of nation-states to conduct highly targeted cyberattacks, allowing them to access the microphone, camera, and other sensitive data on Apple and Android devices.

To deliver FORCED ENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge.

Though misused to deliver FORCED ENTRY, Apple servers were not hacked or compromised in the attacks.

Apple makes the most secure mobile devices on the market and constantly invests in strengthening privacy and security protections for its users.

For example, researchers have found that other mobile platforms have 15 times more malware infections than iPhone, and a recent study showed that less than 2 percent of mobile malware targets iOS devices.

iOS 15 includes a number of new security protections, including significant upgrades to the BlastDoor security mechanism.

While NSO Group spyware continues to evolve, Apple has not observed any evidence of successful remote attacks against devices running iOS 15 and later versions.

Apple urges all users to update their iPhones and always use the latest software.

“At Apple, we are always working to defend our users against even the most complex cyberattacks. The steps we’re taking today will send a clear message:

In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place,” said Ivan Krstić, head of Apple Security Engineering and Architecture.

“Our threat intelligence and engineering teams work around the clock to analyze new threats, rapidly patch vulnerabilities, and develop industry-leading new protections in our software and silicon.

Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group.”

Apple’s Continuing Efforts to Protect Its Users.

Apple commends groups like the Citizen Lab and Amnesty Tech for their groundbreaking work to identify cyber-surveillance abuses and help protect victims.

To further strengthen efforts like these, Apple will be contributing $10 million, as well as any damages from the lawsuit, to organizations pursuing cyber-surveillance research and advocacy.

Apple will also support the accomplished researchers at the Citizen Lab with pro-bono technical, threat intelligence, and engineering assistance to aid their independent research mission, and where appropriate, will offer the same assistance to other organizations doing critical work in this space.

“Mercenary spyware firms like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression while enriching themselves and their investors,” said Ron Deibert, director of the Citizen Lab at the University of Toronto. “I applaud Apple for holding them accountable for their abuses, and hope in doing so Apple will help to bring justice to all who have been victimized by NSO Group’s reckless behavior.”

Apple is notifying the small number of users that it discovered may have been targeted by FORCED ENTRY.

RELATED:

The US government has blacklisted the NSO Group (Pegasus spyware group)1.

Any time Apple discovers activity consistent with a state-sponsored spyware attack, Apple will notify the affected users in accordance with industry best practices.

Apple believes privacy is a fundamental human right, and security is a constant focus for teams across the company.

For years, Apple has led the industry with new protections to disrupt sophisticated attacks and defend its users, including features such as pointer authentication codes (PAC), BlastDoor, and the Page Protection Layer (PPL). For more information about Apple’s platform security, visit support.apple.com/guide/security/welcome/web.

credit: Apple

For more technology tips for your family, check out our other posts.

American companies are restricted from exporting their goods and services to NSO Group, the company that built Pegasus (Pegasus spyware group)

The US Department of Commerce has ordered American companies to not sell their tech to the Isreal Pegasus spyware group, citing reports that the group’s Pegasus spyware is used against journalists, government officials, activists, and more.

In its press release, the regulator says that the company is being added to the Entity List because its tool threatens “the rules-based international order” when its sold to repressive foreign governments.

Pegasus is a program designed to infect targets without notice, allowing police and intelligence agencies to get access to a phone’s text messages, photos, and passwords, all without leaving a trace. 

The Washington Post reported in July that the spyware could infect someone’s phone with a single, invisible text message: a target wouldn’t have to click on a link or take any action for their fully updated phone to be infected.

NSO’s Pegasus spyware was recently in the spotlight because of The Pegasus Project, a collection of journalists who revealed a list of names seemingly connected to the spyware.

That list included journalists, activists, heads of state, and others from across the globe, people that NSO says its software shouldn’t be used to target.

The Pegasus Project also analyzed a handful of journalists’ phones and found evidence that the spyware had been installed on them — almost certainly by a government agency, as NSO says those are the only clients it’ll sell its software and services to.

RELATED:

The Spy In Your Phone.

NSO’s Pegasus spyware: here’s what we know

Pegasus had made headlines before this year, too. Journalists in Mexico were reportedly targeted with the tool, WhatsApp sued NSO for using an exploit in the messaging app to hack people’s phones, and the FBI is said to have at least looked into the company in relation to Jeff Bezos’ phone being hacked.

The Department of Commerce says (pdf) that NSO being added to the entity list, which restricts US companies from exporting products to it because the company “poses a significant risk of being or becoming involved in activities that are contrary to the national security or foreign policy interests of the United States.”

This likely relates to US affairs outside its actual borders — NSO has said that its tool can’t be used to target American phone numbers, and the Department of Commerce and Pegasus Project haven’t contested that fact.

NSO isn’t the only company being added to the entity list on Thursday. Candiru, another Israeli IT firm that sells spyware (that’s reportedly used for similar purposes), is also being blacklisted.

The Department of Commerce cited two more companies — one from Russia and one from Singapore — that it says are involved in selling hacking tools.

For more technology tips for your family, check out our other posts.

The Spy In Your Phone.

REF: THEVERGE

Facebook tweeted “We’ve launched a one-click tool for people in Afghanistan to quickly lock down their account. When their profile is locked, people who aren’t their friends can’t download or share their profile photo or see posts on their timeline.”

4/ We’ve launched a one-click tool for people in Afghanistan to quickly lock down their account. When their profile is locked, people who aren’t their friends can’t download or share their profile photo or see posts on their timeline. pic.twitter.com/pUANh5uBgn

— Nathaniel Gleicher (@ngleicher) August 19, 2021

Nathaniel Gleicher, head of security policy at Facebook, has revealed in a series of tweets, that Facebook is taking to safeguard the citizens on its social media platform.

This feature allows people in Afghanistan to lock down their accounts.

The Taliban group is using several ways to push its messages on social media, despite being banned by YouTube and Facebook.

According to a BBC report “The hardline Islamist group has tried to reassure Afghans since seizing power in a lightning offensive, promising there would be “no revenge”.

But there are growing fears of a gap between what they say and what they do.“

Nathaniel Gleicher explained that People in Afghanistan will now have access to a one-click tool to lock down their Facebook accounts. “When their profile is locked, people who aren’t their friends can’t download or share their profile photo or see posts on their timeline”.

It also removed the ability for users to view and search “Friends” lists for Facebook accounts in Afghanistan, to protect people from being targeted, he added.

RELATED: Facebook Whatsapp Instagram suffer a worldwide outage

He also made mention of the step taken ” On Instagram, we’re rolling out pop-up alerts in Afghanistan with specific steps on how to protect your account”.