Apple has joined WhatsApp and Meta in suing the Israeli-based NSO Group for its Pegasus malware. The business said today that it is suing the NSO Group to “curb the abuse of state-sponsored malware.” In this case, Apple is seeking monetary damages (which were not disclosed in today’s notice) as well as a ban on the NSO Group using any “Apple software, services, or devices” in the future.
Apple is concentrating its efforts on state-sponsored spyware.
The NSO Group is responsible for a zero-click attack known as FORCED ENTRY, which uses an integer overflow vulnerability to install the Pegasus spyware on personal devices, according to Apple‘s announcement of the lawsuit today. Apple cites a Citizen Lab report from September as proof that the NSO Group is spying on “journalists, activists, dissidents, academics, and government officials” through Pegasus, infringing on human rights in the process.
While Apple has patched the flaw and claims that Pegasus was only used to attack a “limited number” of people, the idea that the NSO Group has been using the software to spy on political opponents, journalists, and academics on behalf of Israel is hugely concerning.
“State-sponsored actors, such as the NSO Group, spend millions of dollars on advanced monitoring technologies without being held accountable. In today’s release, Apple SVP of software engineering Craig Federighi stated, “That needs to change.” “While Apple gadgets are the safest consumer electronics on the market, private corporations that manufacture state-sponsored malware have grown even more harmful.” While these cybersecurity risks only affect a small percentage of our customers, we take any assault on our users seriously, and we’re always working to improve iOS’ security and privacy measures to keep all of our users secure.”
Apple isn’t the only company fighting NSO Group.
This case appears to be a line in the sand for Apple. In an interview with The New York Times this week, Apple’s chief of security engineering and architecture said, “If you do this, if you weaponize our software against innocent users, researchers, dissidents, activists, or journalists, Apple will give you no quarter.”
Apple, WhatsApp, and Meta aren’t the only ones pursuing the NSO Group. Not only did Microsoft, Google, and Cisco support the Meta (then-Facebook) lawsuit against the group, but the US government has also taken notice of these zero-click attacks. According to the New York Times, the Biden administration has blacklisted both NSO Group and another company, Candiru, which means that no US-based organization can cooperate with either company.
Apple announced today that it would donate $10 million, plus any damages resulting from the lawsuit, to “organisations conducting cybersurveillance research and activism,” such as Citizen Lab and Amnesty Tech. The business also claims that it hasn’t seen any evidence of remote attacks on devices running iOS 15 or later, so if you’re still on an older version of iOS, it sounds like applying any available software upgrades is a good idea.
The corporation will contact those who have been affected by the Pegasus malware and zero-click attacks. We’ll also keep you informed about this case, as well as any others the NSO Group may face from US-based corporations.