Apple has filed a lawsuit against the Israeli company NSO Group and its parent group for targeting and monitoring iPhone and Mac users with their Pegasus spyware. In an effort to protect its customers from further harm, the company seeks a permanent injunction to prohibit the NSO Group from using any of its products and services.
The NSO Group is behind many popular iPhone and Mac spyware that has been used to target and spy on journalists and other senior government officials. The lawsuit also provides more details about how the group’s FORCEDENTRY exploit was used to break into a victim’s phone and install the Pegasus spyware on it.
The NSO Group and its customers use the vast resources and capabilities of nation states to carry out highly targeted cyber attacks, giving them access to the microphone, camera and other sensitive data on Apple and Android devices. To deliver Coercive Intervention to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device – enabling the NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge. Although Apple’s servers were abused to provide FORCEDENTRY, they were not hacked or compromised in the attacks.
Apple will inform the small amount of iPhone users who were attacked using the FORCEDENTRY exploit. It will do the same for all future state-sponsored spyware attacks that it detects.
Apple highlights in its press release that researchers found that other mobile platforms had 15 times more malware infections than the iPhone, with only 2 percent of malware being targeted at iOS devices. In addition, Apple has included several new security protections in iOS 15, and the company has “not observed any evidence of successful remote attacks against devices running iOS 15.”
Apple also intends to support the Citizen Lab team with pro-bono technical, threat intelligence and technical assistance. It will also contribute $ 10 million and any compensation awarded it from the lawsuit to organizations working in cyber-surveillance research and advocacy.