Apple Sues NSO Group Over Pegasus Spyware

Apple has initiated legal action against NSO Group, the developer of the Pegasus spyware. The lawsuit seeks a permanent injunction to prohibit the spyware manufacturer from utilizing any Apple product or service.

Protecting Users from Abuse

According to an official statement, Apple is pursuing this injunction to safeguard its users from continued exploitation and potential harm. The company aims to prevent further malicious activity targeting individuals globally.

What is Pegasus Spyware?

NSO Group, an Israel-based firm, created Pegasus. This spyware grants governmental clients extensive access to a target’s device. This includes personal data, photographs, messages, and precise location tracking.

The spyware functions by exploiting previously unknown weaknesses within iPhone software. Initially, targets received malicious links via text message. However, Pegasus has evolved to silently compromise iPhones without any user interaction.

Government Use of Pegasus

Numerous authoritarian regimes are known to employ Pegasus. These include Bahrain, Saudi Arabia, Rwanda, the United Arab Emirates, and Mexico. Despite this, NSO Group consistently refrains from disclosing its customer base, citing confidentiality agreements.

Apple's Legal Strategy

Apple’s complaint, filed on Tuesday, intends to significantly impede NSO Group’s ability to identify and exploit vulnerabilities in iPhone software. This will make it harder to hack targeted devices.

Bypassing iPhone Security: BlastDoor and ForcedEntry

Earlier this year, researchers at Citizen Lab discovered that NSO Group had developed a new exploit capable of circumventing BlastDoor. BlastDoor is a security feature built into iPhone software designed to prevent attacks like those from NSO Group by filtering harmful payloads.

This vulnerability, termed a “zero-click” exploit because it requires no user interaction, was named ForcedEntry by Citizen Lab. Apple addressed this vulnerability in September, releasing a patch that affected all Apple devices.

Leveraging Apple Services

Apple asserts that NSO Group utilizes Apple’s own services to deliver its spyware. The requested permanent injunction seeks to prevent NSO Group from using any Apple services to launch attacks against individuals targeted by its governmental clients.

Apple's Commitment to Security

Ivan Krstić, Apple’s security chief, stated, “At Apple, we are always working to defend our users against even the most complex cyberattacks. The steps we’re taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place.”

He further emphasized Apple’s dedication to security, stating, “Our threat intelligence and engineering teams work around the clock to analyze new threats, rapidly patch vulnerabilities and develop industry-leading new protections in our software and silicon. Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group.”

Notification of Targeted Users

Apple has announced that it is notifying individuals known to have been targeted by the ForcedEntry exploit. The company also stated it will continue to inform users discovered to be targets of state-sponsored spyware.

Attempts to reach NSO Group via their media email address were unsuccessful, with the email being returned as undeliverable.