November 23, 2021
Apple is suing NSO Group to curb state-sponsored spyware abuse
Apple also announced a $ 10 million contribution to support cybersecurity researchers and advocates
CUPERTINO, CALIFORNIA Apple today filed a lawsuit against NSO Group and its parent company to make it responsible for monitoring and targeting Apple users. The complaint provides new information on how NSO Group infected victims ’devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to prohibit the NSO Group from using any Apple software, services or devices.
The NSO Group creates sophisticated, state-sponsored surveillance technology that allows its highly targeted spyware to monitor its victims. These attacks are only aimed at a small number of users, and have an impact on people on many platforms, including iOS and Android. Researchers and journalists have publicly documented a history of this spyware that has been abused to target journalists, activists, dissidents, academics and government officials.1
“State-sponsored players like the NSO Group spend millions of dollars on sophisticated surveillance technology without effective accountability. It needs to change,” said Craig Federighi, Apple’s senior vice president of software engineering. . “Apple devices are the most secure consumer hardware on the market – but private companies that develop state-sponsored spyware have become even more dangerous. While these cybersecurity threats have an impact on only a small number of us. customers, we take every attack on our users very seriously, and we constantly work to enforce the protection of security and privacy in iOS to keep all our users safe. ”
Exploit FORCEDENTRY of the NSO group
Apple’s legal complaint provides new information about the NSO Group’s FORCEDENTRY, an exploit for a now-patched vulnerability previously used to penetrate a victim’s Apple device and install the latest version of the Group’s spyware product. NSO, Pegasus. The exploit was originally identified by the Citizen Lab, a research group at the University of Toronto.
Spyware has been used to attack a small number of Apple users worldwide with dangerous malware and spyware. Apple’s lawsuit seeks to prohibit the NSO Group from further harming individuals by using Apple’s products and services. The lawsuit also seeks redress for the NSO Group’s flagrant violations of U.S. federal and state law, stemming from its efforts to target and attack Apple and its users.
The NSO Group and its customers dedicate the immense resources and capabilities of nation-states to making highly targeted cyberattacks, allowing them to access the microphone, camera and other sensitive data on Apple and Android devices. To provide FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to the victim’s device – allowing NSO Group or its customers to supply and install Pegasus spyware without the victim’s knowledge. Although abused to provide FORCEDENTRY, Apple’s servers were not hacked or compromised in the attacks.
Apple makes mobile devices more secure on the market, and is constantly investing in enhancing privacy and security protection for its users. For example, researchers have found that other mobile platforms have 15 times more malware infections than the iPhone,2 and a recent study showed that less than 2 percent of mobile malware targets iOS devices.3
iOS 15 includes a number of new security features, including significant updates to the BlastDoor security mechanism. While the NSO Group’s spyware continues to evolve, Apple has not observed any evidence of successful remote attacks against devices running iOS 15 and later versions. Apple urges all users to update their iPhone and always use the latest software.
“At Apple, we have always worked to defend our users even against the most complex cyberattacks. The steps we are taking today will send a clear message: In a free society, it is unacceptable to arm a powerful state-sponsored spyware against those who seek to make the world a better place, ”said Ivan Krstić, head of Apple Security Engineering. and Architecture. “Our threat intelligence and engineering teams work 24 hours a day to analyze new threats, quickly patch vulnerabilities, and develop new cutting-edge protections in our software and silicon. Apple manages one of the most sophisticated security engineering operations in the world.” the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors such as NSO Group.
Apple’s Continued Efforts to Protect Its Users
Apple praises groups such as Citizen Lab and Amnesty Tech for their groundbreaking work to identify cybersecurity abuses and help protect victims. To further efforts like these, Apple will contribute $ 10 million, as well as any damages from the cause, to organizations pursuing research and cybersecurity advocacy.
Apple will also support full researchers in the Citizen Lab with pro-bono technical assistance, threat intelligence, and engineering to help its independent research mission, and, where appropriate, offer the same assistance to other organizations doing critical work in this space.
“Mercenary spyware companies like NSO Group have facilitated some of the worst human rights abuses in the world and transnational acts of repression, while enriching themselves and their investors,” said Ron Deibert, director of the Citizen Lab at the University of Toronto. “I applaud Apple for holding it accountable for its abuses, and I hope that in doing so, Apple will help bring justice to all those who have been victims of the NSO Group’s reckless behavior.”
Apple has warned the small number of users it has discovered may have been targeted by FORCEDENTRY. Whenever Apple discovers activity in accordance with a state-sponsored spyware attack, Apple will notify affected users in accordance with industry best practices.
Apple believes that privacy is a fundamental human right, and security is a constant focus for teams across the company. For years, Apple has led the industry with new protections to disrupt sophisticated attacks and defend its users, including features such as pointer authentication codes (PACs), BlastDoor and Page Protection Path (PPL). For more information on the security of the Apple platform, visit support.apple.com/guide/security/welcome/web.
Apple revolutionized personal technology with the introduction of the Macintosh in 1984. Today, Apple leads the world in innovation with iPhone, iPad, Mac, Apple Watch and Apple TV. Apple’s five software platforms – iOS, iPadOS, macOS, watchOS and tvOS – provide seamless experiences across all Apple devices and enable people with innovative services including the App Store, Apple Music, Apple Pay and iCloud. More than 100,000 Apple employees are dedicated to making the best products on earth, and leaving the world better than we found them.
- Citizen Lab, “NSO Group iMessage Zero-Click Exploit Captured in the Wild,” September 13, 2021.
- Nokia, “Threat Intelligence Report 2020”, 2020.
- PurpleSec, “2021 Cyber Security Statistics: The Ultimate List of Stats, Data & Trends”, 2021.
Apple Media Helpline