Apple has announced a lawsuit against NSO Group, the Israeli company responsible for the spyware known as Pegasus. In its press release, the Cupertino company wants to block NSO Group of the use of its products, software and services due to fraudulent use of them. And in addition, it seeks to compensate itself by requesting compensation that it will donate to civil groups for the defense of security and privacy.
Fraudulent use of Apple products
The NSO Group and its clients dedicate the vast resources and capabilities of nation states to highly targeted cyberattacks, enabling them to access microphone, camera, and other sensitive data on Apple and Android devices. To deliver FORCEDENTRY to Apple devices, the attackers created Apple ID accounts to send malicious data to the victim’s device, allowing NSO Group or its customers to send and install Pegasus spyware without the victim’s knowledge.
Apple indicates in its note that FORCEDENTRY is a exploit used on an already fixed vulnerability. This allowed access to the device and install Pegasus, the well-known hacking software of the Middle East firm. Apple clarifies that its servers were not hacked or affected in any way by these attacks.
Over the years, NSO Group software has been used by certain authoritarian states to infiltrate political dissidents and journalists. This was demonstrated a few months ago by a report by Amnesty International, where it was shown that Pegasus could infect devices with iOS 14.6.
Apple’s allegations against NSO Group seem too broad. But the fraudulent use of iMessage could be the key to the case for Cupertino to get a win, at least partial.
From hackers in a basement to taking on states armed to the teeth
“Companies like the state-funded NSO Group spend millions of dollars on sophisticated surveillance technology without any control. That must change. Apple devices are the most secure consumer products on the market, but private companies that create spyware funded by states have become even more dangerous “- Craig Federighi.
The problem for Apple is how the situation has changed. To face, say, a lone hacker in the basement from his home in a lost town to state-funded businesses. In between, there are also organized cybercriminals. But it is clear that having the support of a state is another story.
It is not just about access to implicit financing when paying for NSO Group services. Combining these spyware tools with everything that has a status at your disposal is the really worrying thing. And that is when the balance has become unbalanced.
That is why Apple intends to re-balance the battle with this demand. Aspire to NSO Group can’t use your products, services and software for your purposes. It is also a notice to other players tempted to imitate the success of the NSO Group.
Apple has indicated that is notifying the small number of users you discovered that they might have been affected by FORCEDENTRY. Likewise, it has announced a fund of 10 million dollars to contribute to the investigation of cyberattacks.