Blog maker

Apple sues Israeli spyware maker NSO over Pegasus spyware

Apple on Tuesday announced that it has sued Israel’s NSO group for using its spyware Pegasus to attack Apple devices, the latest move in a growing global campaign against surveillance abuse against smartphone users.

The lawsuit, which seeks an injunction against NSO to prevent it from using any Apple software, service or device, comes after the July publication of The Pegasus Project by The Washington Post and 16 other news outlets that detailed the use of Pegasus in dozens of attacks. against journalists, human rights defenders and political activists in countries around the world.

The NSO Group has repeatedly denied the findings of Project Pegasus, but has also been rocked by a series of government and other actions based on the consortium’s findings, including a move by the U.S. government earlier this month to put the blacklisted business.

NSO’s “notorious hackers” are “21st century amoral mercenaries who have created highly sophisticated cyber surveillance mechanisms that invite routine and blatant abuse,” the lawsuit said.

The complaint was filed in the Northern District of California. NSO did not respond to a request for comment on Tuesday.

Apple’s move follows a similar lawsuit filed by Facebook-owned messaging service WhatsApp in 2019 that accused NSO of targeting 1,400 of its users with spyware. A U.S. appeals court ruled this month that the lawsuit can be brought.

In announcing its lawsuit, Apple highlighted a particular attack on iPhones called FORCEDENTRY that had been discovered by researchers at Citizen Lab, who have long worked to detail the abuse of Pegasus, which NSO Group says is licensed for use. dozens of military, intelligence and law enforcement personnel. agencies around the world. Apple released a patch for the vulnerability shortly thereafter.

“State-sponsored players like the NSO Group are spending millions of dollars on sophisticated surveillance technology without effective accountability. That has to change, ”said Craig Federighi, senior vice president of software engineering at Apple, in a blog post announcing the lawsuit.

“Apple devices are the most secure consumer hardware on the market, but private companies that develop state-sponsored spyware have become even more dangerous,” he wrote. “Although these cybersecurity threats affect only a very small number of our customers, we take any attack against our users very seriously and are constantly working to strengthen the security and privacy protection in iOS to ensure safety. of all our users. “

One of the findings of Project Pegasus was that iPhones, despite their reputation for high security compared to other smartphones, had weaknesses that the NSO Group had learned to exploit to spread spyware to target phones.

In some cases, NSO customers have delivered Pegasus so stealthily that users have not received any alerts and need not take any action for an infection to be triggered on their devices. Once inside, the malware turned smartphones into sophisticated spy devices, revealing their locations, communications, images and other information.

The lawsuit accuses NSO of allowing its customers to target US citizens, despite the company’s pledge that its spyware “cannot be used to conduct cyber surveillance in the United States.”

Apple also said it is donating $ 10 million to support cybersecurity researchers and spyware advocates.

NSO suffered a series of devastating blows in the months following the Project Pegasus investigation. This month, after the Commerce Department added the company to its red-flagged “entity list”, NSO’s new chief executive announced his resignation after just two weeks in the post.

The company also faces significant financial risks. Moody’s rating agency downgraded the company on Monday, saying it faced “increased risk” of default on hundreds of millions of dollars in debt.

In recent months, an internal investigation has uncovered traces of Pegasus spyware in the phones of five French ministers. And in the UK, a High Court judgment last month confirmed that the phones of Princess Haya, the ex-wife of the ruler of Dubai, as well as those of her legal and security advisers had been targeted by ‘a Pegasus hack.

The White House raised concerns with the Israeli government over NSO spyware in July. Beyond the Commerce Department’s blacklist, members of Congress have also pushed for tougher financial penalties and other measures to tackle spyware abuse.

US Special Operations Command Central has apologized for the confusion over a misleading post on its official Twitter account on April 21, 2021 (Pixabay)