Apple Aims to Cut Down on Spyware With Lawsuit Against NSO Group

by

Apple today announced that it has filed a lawsuit against Israeli firm NSO Group and its parent company with the aim of holding it accountable for targeting Apple users with spyware used for surveillance purposes.

nso israeli surveillance firm
In the lawsuit, Apple offers up information on how NSO Group infiltrated the devices of iPhone owners and how it utilized the Pegasus spyware to do so. Apple is asking for a permanent injunction that would ban NSO Group from using Apple software, services, or devices.

"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change," said Craig Federighi, Apple's senior vice president of Software Engineering. "Apple devices are the most secure consumer hardware on the market -- but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we're constantly working to strengthen the security and privacy protections in iOS to keep all our users safe."

NSO Group created invasive spyware known as "Pegasus" that was sold to various world governments and was used to access the devices of journalists, lawyers, and human rights activists. Apple has been working on fixing exploits and has addressed major Pegasus-related hacks in iOS 14.6 and iOS 14.8.

With iOS 14.8, for example, Apple addressed a zero-click FORCEDENTRY iMessage exploit that could infect iOS devices with the Pegasus software, allowing for access to the camera, microphone, text messages, phone calls, emails, and more. Apple engineers worked around the clock to develop a fix, and additional BlastDoor security protections have been implemented in iOS 15 to protect the Messages app.

Those who were impacted by FORCEDENTRY will be notified by Apple, and going forward, Apple says any time that it finds activity consistent with a state-sponsored spyware attack, affected users will be informed.

Apple says that it has not found evidence of successful remote attacks against users running ‌iOS 15‌ and later updates, and that everyone should update their phones and run the latest software. Apple security chief Ivan Krstić said the lawsuit is a signal that Apple will not stand for the use of weaponized spyware against "those who seek to make the world a better place."

"At Apple, we are always working to defend our users against even the most complex cyberattacks. The steps we're taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place," said Ivan Krstić, head of Apple Security Engineering and Architecture. "Our threat intelligence and engineering teams work around the clock to analyze new threats, rapidly patch vulnerabilities, and develop industry-leading new protections in our software and silicon. Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group."

In addition to filing a lawsuit against NSO Group, Apple plans to contribute $10 million to organizations pursuing cybersurveillance research and advocacy. Apple will also donate the damages from any lawsuit to the same cause, and will continue to support researchers at Citizen Lab with pro-bono technical, threat intelligence, and engineering assistance.

NSO Group has claimed that its software exploits have only been sold to "vetted" military, law enforcement, and intelligence agencies for use against criminals and terrorists, but a massive data leak earlier this year confirmed widespread abuse of the spyware. As a result, NSO Group has been blacklisted by the U.S. government, and no American organization is allowed to work with it. The company is also facing a 2019 malware lawsuit from Facebook, which a judge earlier this week refused to dismiss.

Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Top Rated Comments

metapunk2077fail Avatar
metapunk2077fail
6 days ago at 10:10 am
Chef's Kiss. Perfection.

Score: 30 Votes (Like | Disagree)
dguisinger Avatar
dguisinger
6 days ago at 10:15 am
I don't see this doing much to fix security. The best thing they could do is fix their problems in their bug bounty program and repair their relationship with security researchers who would rather sell the bugs back to Apple for fixing.
Score: 27 Votes (Like | Disagree)
Malus120 Avatar
Malus120
6 days ago at 10:19 am
This is nice to hear. Seriously **** the NSO group... For a supposedly major ally (and given what it's people have been through...) I really can't understand how Israel has let itself (and why the **** the USA lets it) become a major hub for high tech repression technology like this. The pitch is just terrible "our people suffered the worst repression, leading up to a genocide, and now we pioneer the tools repressive regimes use to do the same!"
Score: 21 Votes (Like | Disagree)
MrTangent Avatar
MrTangent
6 days ago at 10:51 am

That smells more than a little of antisemitism to me ?

https://en.wikipedia.org/wiki/Pegasus_(spyware)
Israel is a horrible country that has blood on its hands, forcing Palestinians out of their lands and homes. Call me an antisemite all you want, their government sucks and Israelis have become the fascists they profess to hate.
Score: 20 Votes (Like | Disagree)
DeepIn2U Avatar
DeepIn2U
6 days ago at 10:14 am
ROLMAO perfection. Miss the Chef! More memes needed.

This is where Apple should put their weight to get things done outside of their business that can have positive impact for ALL their users.
Score: 16 Votes (Like | Disagree)
RumorConsumer Avatar
RumorConsumer
6 days ago at 10:14 am
I hope this only builds from here.
Score: 14 Votes (Like | Disagree)
Read All Comments

Related Stories

apple security banner

Apple Outlines How It Will Notify Users Who Have Been Targeted by State-Sponsored Spyware Attacks

Tuesday November 23, 2021 8:15 pm PST by
Earlier today, Apple announced that it had filed suit against NSO Group, the firm responsible for the Pegasus spyware that has been used in state-sponsored surveillance campaigns in a number of countries. NSO Group seeks to take advantage of vulnerabilities in iOS and other platforms to infiltrate the devices of targeted users such as journalists, activists, dissidents, academics, and government...
Read Full Article73 comments
macbook pro sizes space gray

DoJ Arrests Hacker Involved With REvil Group That Stole Apple's MacBook Pro Schematics

Monday November 8, 2021 4:28 pm PST by
The United States Justice Department today announced that it has arrested Ukrainian Yaroslav Vasinskyi for his involvement with REvil, a group that executed ransomware attacks against businesses and government entities in the United States. REvil in April targeted Apple supplier Quanta Computer and stole schematics of the design of the 14 and 16-inch MacBook Pro models that were later...
Read Full Article95 comments
app store blue banner

Apple's Plan to Pay $100 Million to Settle Developer Lawsuit Gets Preliminary Approval From Judge

Wednesday November 17, 2021 1:10 pm PST by
Back in August, Apple said that it would pay out $100 million and make several changes to the App Store to settle a class-action lawsuit brought about by developers, and the settlement offer received preliminary approval yesterday from Judge Yvonne Gonzalez-Rogers, who is overseeing that case in addition to the Epic v. Apple lawsuit. Under the terms of the agreement, Apple will create a $100 ...
Read Full Article51 comments
macbook pro sizes space gray

Ransomware Group That Stole Apple's MacBook Pro Schematics Taken Offline in Multi-Country Operation

Thursday October 21, 2021 3:50 pm PDT by
Back in April, ransomware group REvil attacked Apple supplier Quanta Computer and was able to steal schematics outlining the design of the 14 and 16-inch MacBook Pro models that were announced earlier this week. The schematics did indeed leak the design of the new machines, and at the time, REvil threatened to release other documents should Apple not pay a ransom fee of $50 million by May 1. ...
Read Full Article67 comments
app store blue banner

U.S. Department of Justice Likely to File Antitrust Lawsuit Against Apple

Monday October 25, 2021 1:35 pm PDT by
The United States Department of Justice is accelerating its antitrust probe into Apple and there is increased likelihood that Apple will face an antitrust lawsuit, reports The Information. Citing internal sources with knowledge of the investigation, The Information says there has been a "flurry" of activity as the DOJ has continued to question Apple, its customers, and its competitors about...
Read Full Article193 comments
nso israeli surveillance firm

Apple's iOS 14.8 Update Fixes Zero-Click Exploit Used to Distribute Pegasus Spyware

Monday September 13, 2021 12:51 pm PDT by
Today's iOS 14.8 update addresses a critical vulnerability that Apple engineers have been working around the clock to fix, reports The New York Times. Last week, The Citizen Lab informed Apple about a new zero-click iMessage exploit targeting Apple's image rendering library. Called FORCEDENTRY, the exploit could infect an iPhone, iPad, Apple Watch, or Mac with the Pegasus spyware, providing...
Read Full Article134 comments
corellium

Apple Appeals Corellium Copyright Lawsuit Loss After Settling Other Claims

Tuesday August 17, 2021 7:23 pm PDT by
Back in December, Apple lost a copyright lawsuit against security research company Corellium, and today, Apple filed an appeal in that case, reports Reuters. The judge in the copyright case determined that Corellium was operating under fair use terms and that its use of iOS was permissible, throwing out several of Apple's claims. For those unfamiliar with Corellium, the software is designed...
Read Full Article46 comments
corellium

Apple and Corellium Agree on Settlement to Bring Lawsuit to an End

Tuesday August 10, 2021 11:36 pm PDT by
Apple this week dropped its long-standing lawsuit against Corellium, the security research company that provides security researchers with a replica of the iOS operating system, allowing them to locate possible security exploits within Apple's mobile operating system, The Washington Post reports. Apple filed a lawsuit against Corellium in 2019, claiming the security company was infringing...
Read Full Article30 comments
m1 macbook air 1

Apple Accused of False Marketing and Fraud Over M1 MacBook Display Issues

Wednesday September 15, 2021 1:37 pm PDT by
Apple is facing a new class-action lawsuit in the United States that accuses it of false or deceptive marketing for the M1-powered MacBook Pro and MacBook Air, fraudulent business practices, misconduct in customer support, and violation of consumer law. The lawsuit, filed this week in the Northern District of California, represents Apple customers across the United States who have faced...
Read Full Article204 comments
nso israeli surveillance firm

Report: Pegasus Spyware Sold to Governments Uses Zero-Click iMessage Exploit to Infect iPhones Running iOS 14.6

Monday July 19, 2021 12:35 am PDT by
Journalists, lawyers, and human rights activists around the world have been targeted by authoritarian governments using phone malware made by Israeli surveillance firm NSO Group, according to multiple media reports. An investigation by 17 media organizations and Amnesty International's Security Lab uncovered a massive data leak, indicating widespread and continuing abuse of the commercial...
Read Full Article122 comments