Apple has filed a lawsuit accusing NSO Group of infecting customers’ devices with spyware and seeking to ban the Israeli company from using Apple technology.
The technology giant alleged the NSO Group used a now-patched vulnerability to break into a victim’s Apple device and install the latest version of Pegasus, which was then used to attack a small number of Apple users worldwide with dangerous malware and spyware. Apple’s lawsuit seeks a permanent injunction to ban NSO Group from using any Apple software, services, or devices.
“The steps we’re taking today will send a clear message: In a free society, it is unacceptable to weaponise powerful state-sponsored spyware against those who seek to make the world a better place,” Ivan Krstic, head of Apple security engineering and architecture, said in a statement. “We will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group.”
To deliver the FORCEDENTRY exploit to Apple devices, the company alleges that NSO Group created Apple IDs to send malicious data to a victim’s device. This allowed NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge, according to Apple.
The attack allowed the NSO Group to access the microphone, camera, and other sensitive data on Apple devices, the company said. Apple servers were misused to deliver the FORCEDENTRY exploit but were not themselves hacked or compromised in the NSO Group attack, according to Apple.
“Thousands of lives were saved around the world thanks to NSO Group’s technologies used by its customers,” an NSO Group spokesperson told CRN US in response to a request for comment on the Apple lawsuit. “Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO Group will continue to advocate for the truth.”
NSO Group’s attacks are aimed only at a very small number of users, impacting individuals across both the iOS and Android platforms, according to Apple. Researchers and journalists have publicly documented a history of the NSO Group’s spyware being abused to target journalists, activists, dissidents, academics, and government officials, Apple alleged.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” Apple Senior Vice President of Software Engineering Craig Federighi said in a statement. “While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously.”
Apple said that it has spent thousands of hours investigating the NSO Group attacks, identifying the harm, diagnosing the extent of the impact and exploitation, and developing and deploying necessary repairs and patches. Apple has accused NSO Group of deploying its Pegasus spyware through an exploit called FORCEDENTRY from at least February until September 2021.
“NSO’s malicious activities have exploited Apple’s products, injured Apple’s users, and damaged Apple’s business and goodwill,” Apple wrote in a 22-page complaint filed Tuesday in U.S. District Court for the Northern District of California.
FORCEDENTRY was first detected in March 2021 and is known as a “zero-click” exploit, meaning that it allowed NSO Group or their clients to hack into the victim’s device without any action or awareness by the victim, according to Apple. NSO Group created more than one hundred Apple IDs using Apple’s systems to be used in their deployment of FORCEDENTRY, according to the company.
NSO has revenue and earnings in the hundreds of millions of dollars from its spyware products and services and has been valued at approximately one billion US dollars, according to Apple. The spyware operator has asked for fees in excess of one hundred million dollars for a single license and charges tens of millions of dollars per customer for its product and services, Apple alleged.
“Defendants force Apple to engage in a continual arms race: Even as Apple develops solutions and enhances the security of its devices, Defendants are constantly updating their malware and exploits to overcome Apple’s own security upgrades,” Apple wrote in the complaint. “These constant recovery and prevention efforts require significant resources and impose huge costs on Apple.”