Now Apple has followed WhatsApp and its parent company Meta (formerly known as Facebook) to sue spyware maker Pegasus NSO Group. In addition to promising new information on how NSO Group infected targeted iPhones via a clickless exploit that researchers later dubbed ForcedEntry, Apple said it was “seeking a permanent injunction to ban NSO Group from using any Apple software, service or device “.
Senior Vice President of Software Engineering Craig Federighi did not mention the sleepover this time around, but said in a statement: “State-sponsored players like the NSO Group are spending millions dollars in sophisticated surveillance technology without effective accountability. That must change … Apple devices are the most secure consumer hardware on the market, but the private companies that develop publicly funded spyware have become even more dangerous. Apple and WhatsApp aren’t the only ones lobbying NSO Group in court, as last year tech companies including Microsoft and Google filed a brief in support of Facebook’s lawsuit.
Pegasus spyware is designed to allow governments to remotely access a phone’s microphones, cameras and other data on iPhone and Android, according to Apple’s press release. It’s also designed to be able to infect phones without any user action and without leaving a trace, according to reports released earlier this year by a coalition of journalists called the Pegasus Project and the Apple Complaint.
Apple also cites reports that the spyware has been used against journalists, activists and politicians, despite claims by NSO that its government customers are prohibited from using spyware against such targets. . It’s understandable that Apple, the “what happens on your iPhone stays on your iPhone” company, is unhappy with the use of its devices and services to commit what it calls “human rights violations.” man “.
Heather Grenier, senior director of trade litigation at Apple, said in a statement to The New York Times the lawsuit is supposed to be a “stake in the ground, to send a clear signal” that the company will not allow its users to suffer “this type of abuse”. Part of Apple’s argument made in the complaint (PDF) is that NSO violated Apple’s terms of service because the group created “over one hundred” Apple IDs to help it send data to Apple. targets.
The court has personal jurisdiction over the defendants because, based on information and beliefs, they created over a hundred Apple IDs to conduct their attacks and also accepted Apple’s iCloud terms and conditions ( “ICloud Terms”), including a mandatory and enforceable forum selection. and exclusive jurisdiction clause which constitutes express consent to the jurisdiction of this Court
In Apple’s complaint, he explains how the attack worked – using the Apple IDs he created, NSO would send data to a target via iMessage (after determining that they were using an iPhone), which has been maliciously designed to disable iPhone logging. This would then allow NSO to secretly install the Pegasus spyware and control what was collected on the phone. Apple says the specific vulnerability used by NSO has been fixed in iOS 14.8, which you can read more about here. The summary is that NSO was sending files that exploited a bug in the way iMessage rendered GIFs and PDFs.
Apple said in its press release that, thanks to the security enhancements in iOS 15, it “has not seen any evidence of successful remote attacks against devices running iOS 15 and later.” When Project Pegasus released its reports in July, Amnesty International said the latest versions of iOS (back then iOS 14.6) were susceptible to attack.
For more information on the reports made on Pegasus, its abilities and potential targets, check out our explainer.
In addition to its lawsuit against NSO, Apple has said it will support “organizations pursuing cyber surveillance research and advocacy”, both financially and with technical resources. The company says it will distribute $ 10 million (plus any damages it gets from its lawsuit) to groups working on counter-surveillance, and in its press release pledges to provide “free assistance. technical, threat intelligence, and engineering “to Citizen Lab, a group of researchers who participated in Project Pegasus and who helped Apple uncover and correct NSO exploits. Apple also says it will do the same for other organizations “as appropriate.”
NSO was recently added to the list of US entities, which limits the ways in which US companies can sell or supply their technology to the company. According to a report by the MIT Technology Review, the sanction was seriously damaging both to the morale of NSO Group employees and to the company’s ability to do business. The report says the company must seek permission from the U.S. government to purchase items such as Windows laptops and iPhones, and the government said its default decision would be to deny those requests.
Updated November 23 at 3:36 p.m. ET: Added context on sanctions against NSO and alleged misuse of Pegasus.