Apple files lawsuit against NSO Group over Pegasus spyware

·2-min read

Apple has launched a lawsuit against NSO Group, the maker of the nation-state spyware Pegasus, seeking a permanent injunction to prevent the spyware maker from using any Apple product or service.

In a statement, Apple said it's seeking the injunction to "prevent further abuse and harm to its users."

Israel-based company NSO Group develops Pegasus, spyware that gives its government customers near-complete access to a target’s device, including their personal data, photos, messages and precise location. The spyware works by exploiting previously unknown vulnerabilities in iPhone software. Many of those targeted, including journalists, activists and human rights defenders, received malicious links in text messages, but Pegasus more recently has been able to silently hack iPhones without any user interaction.

Several authoritarian governments are known to use Pegasus, including Bahrain, Saudi Arabia, Rwanda, the United Arab Emirates and Mexico; though, NSO has repeatedly declined to name or confirm its dozens of customers, citing non-disclosure agreements.

Apple's complaint, filed Tuesday, aims to make it far more difficult for NSO to find and exploit vulnerabilities in iPhone software to hack its targets.

Researchers at Citizen Lab found evidence earlier this year that NSO Group had developed a new exploit able to bypass new protections built into iPhone software, known as BlastDoor, which Apple designed in large part to prevent NSO-style attacks by filtering out malicious payloads that could be used to compromise a device. This so-called zero-click vulnerability — named as such because it doesn't require the victim to click any links to become infected — was dubbed ForcedEntry by Citizen Lab for its ability to skirt Apple's BlastDoor's protections. Apple patched the vulnerability in September after it was found to affect all Apple devices, not just iPhones.

Apple said that NSO uses Apple's own services to deliver its spyware. By seeking a permanent injunction, Apple wants to ban NSO from using any of its services to launch attacks against those targeted by its government customers.

“At Apple, we are always working to defend our users against even the most complex cyberattacks. The steps we’re taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place,” said Apple's security chief Ivan Krstić. "Our threat intelligence and engineering teams work around the clock to analyze new threats, rapidly patch vulnerabilities and develop industry-leading new protections in our software and silicon. Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group."

Apple said its notifying known victims targeted by the ForcedEntry exploit and said it notifies victims who it discovers have been targeted with state-sponsored spyware.

An email to NSO Group's media email was returned as undelivered.

Our goal is to create a safe and engaging place for users to connect over interests and passions. In order to improve our community experience, we are temporarily suspending article commenting