November 23, 2021
Apple sues NSO Group to fight state-sponsored spyware abuse
Apple also announced a $10 million contribution to support cybersurveillance researchers and advocates.
CUPERTINO, CALIFORNIA Apple today filed a lawsuit against the NSO Group and its parent company to hold it responsible for monitoring and targeting Apple users. The complaint provides new information about how the NSO Group infected victims’ devices with its Pegasus spyware. To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to prohibit the NSO Group from using any Apple software, service or device.
The NSO Group creates sophisticated, state-sponsored surveillance technology that allows its highly targeted spyware to monitor its victims. These attacks only target a very small number of users and impact multiple platforms, including iOS and Android. Researchers and journalists have publicly documented a history of misuse of this spyware to target journalists, activists, dissidents, academics and government officials.1
“State-sponsored actors like the NSO Group are spending millions of dollars on sophisticated surveillance technologies without effective accountability. That has to change,” said Craig Federighi, Apple’s senior vice president of software engineering. “Apple devices are the most secure consumer hardware on the market, but private companies developing state-sponsored spyware have become even more dangerous. Although these cybersecurity threats only affect a very small number of our customers, we take any attacks on our users very seriously and are constantly working to strengthen the security and privacy protections in iOS to keep all of our users safe.
NSO Group FORCEDENTRY exploit
Apple’s legal complaint provides new information about NSO Group’s FORCEDENTRY, an exploit for a now patched vulnerability previously used to break into a victim’s Apple device and install the latest version of NSO Group’s spyware, Pegasus. The exploit was initially identified by the Citizen Lab, a research group at the University of Toronto.
Spyware has been used to attack a small number of Apple users around the world with dangerous malware and spyware. Apple’s lawsuit seeks to prohibit the NSO Group from further harming individuals by using Apple’s products and services. The lawsuit also seeks redress for NSO Group’s gross violations of US federal and state law resulting from its efforts to target and attack Apple and its users.
NSO Group and its customers devote the immense resources and capabilities of nation states to carry out highly targeted cyberattacks, allowing them to access microphone, camera and other sensitive data on Apple and Android devices. To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device, allowing NSO Group or its customers to supply and install Pegasus spyware without their knowledge. of the victim. Although misused to deliver FORCEDENTRY, Apple’s servers were not hacked or compromised in the attacks.
Apple makes the most secure mobile devices on the market and constantly invests in strengthening privacy and security protections for its users. For example, researchers found that other mobile platforms had 15 times more malware infections than the iPhone,2 and a recent study showed that less than 2% of mobile malware targets iOS devices.3
iOS 15 includes a number of new security protections, including significant upgrades to the BlastDoor security mechanism. While NSO Group spyware continues to evolve, Apple has observed no evidence of successful remote attacks against devices running iOS 15 and later. Apple urges all users to update their iPhones and always use the latest software.
“At Apple, we constantly strive to defend our users against even the most complex cyberattacks. The actions we take today will send a clear message: in a free society, it is unacceptable to use powerful state-sponsored spyware against those who seek to make the world a better place,” said Ivan Krstić, Head of Apple Security Engineering and Architecture: “Our threat intelligence and engineering teams work around the clock to analyze new threats, quickly patch vulnerabilities, and develop new industry-leading protections in our software and silicon. Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group.
Apple’s ongoing efforts to protect its users
Apple commends groups like Citizen Lab and Amnesty Tech for their groundbreaking work in identifying cyber-surveillance abuse and helping protect victims. To further bolster efforts like these, Apple will pay $10 million, plus all damages resulting from the lawsuit, to organizations pursuing cybersurveillance research and advocacy.
Apple will also support accomplished Citizen Lab researchers with pro bono technical, threat intelligence, and engineering assistance to aid their independent research mission and, where appropriate, offer the same assistance to other organizations performing work. criticism in this space.
“Mercenary spyware companies like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors,” said Ron Deibert, editor of the Citizen University of Toronto Lab. “I commend Apple for holding them accountable for their abuses, and I hope that by doing so, Apple will help bring justice to all those who have been victimized by NSO Group’s reckless behavior.”
Apple is notifying the small number of users it has discovered who may have been targeted by FORCEDENTRY. Whenever Apple discovers activity consistent with a state-sponsored spyware attack, Apple notifies affected users in accordance with industry best practices.
Apple believes that privacy is a fundamental human right and that security is an ongoing concern for teams across the company. For years, Apple has led the industry with new protections to disrupt sophisticated attacks and defend its users, including features like Pointer Authentication Codes (PACs), BlastDoor, and Security Layer. page protection (PPL). For more information on Apple’s platform security, visit support.apple.com/guide/security/welcome/web.
Apple revolutionized personal technology with the introduction of the Macintosh in 1984. Today, Apple leads the world in innovation with the iPhone, iPad, Mac, Apple Watch and Apple TV. Apple’s five software platforms – iOS, iPadOS, macOS, watchOS and tvOS – deliver seamless experiences across all Apple devices and provide users with groundbreaking services including the App Store, Apple Music, Apple Pay and iCloud . Apple’s more than 100,000 employees are dedicated to making the best products on earth and leaving the world a better place than we found it.
- Citizen Lab, “NSO Group iMessage Zero-Click Exploit Captured in the Wild,” September 13, 2021.
- Nokia, “Threat Intelligence Report 2020”, 2020.
- PurpleSec, “Cybersecurity Statistics 2021: The Ultimate List of Stats, Data & Trends”, 2021.
Apple Media Phone Support