Apple Sues Spyware Maker NSO Group over Pegasus iPhone Hacks

Apple is hitting NSO Group with a lawsuit alleging that the Israeli tech firm, through its Pegasus spyware, has enabled extensive state-sponsored hacking of its iOS devices. The company also announced plans to hand out $10 million to infosec partners fighting cybersurveillance abuses.

“NSO Group and its clients devote the immense resources and capabilities of nation-states to conduct highly targeted cyberattacks, allowing them to access the microphone, camera, and other sensitive data on Apple and Android devices,” according to the suit, filed in the US District Court for the Northern District of California.

Researchers and journalists say NSO has a track record of putting highly effective tools in the wrong hands, allegedly letting oppressive regimes spy on their people. Its Pegasus spyware has systematically exploited weaknesses in Apple’s iOS operating system to snoop on journalists, activists, dissidents, academics and government officials, according to Apple.

The latest exploit, dubbed FORCEDENTRY in the infosec community, lets bad actors compromise an unpatched device with no interaction from the victim. The zero-click hack exploits a weakness in Apple’s Messages app, and has been typically delivered as a PDF file disguised as a GIF file to inject JBIG2-encoded data to provoke an integer overflow and circumvent message sandboxing.

Apple claims NSO abused both its hardware and software, as well as its services, to develop, test and deploy Pegasus.

“To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge. Though misused to deliver FORCEDENTRY, Apple servers were not hacked or compromised in the attacks,” according to the Cupertino-based company.

Apple appropriately credits Citizen Lab, a research group at the University of Toronto, for originally identifying the exploit in question. It also commends Amnesty Tech “for their groundbreaking work to identify cybersurveillance abuses and help protect victims,” according to the press release.

Craig Federighi, Apple’s senior vice president of Software Engineering, says NSO spends millions on developing surveillance tools “without effective accountability.” While such attacks only impact a small number of users, Apple feels it’s important to act.

The company notes that, while Pegasus continues to evolve, there is no evidence of successful remote attacks against devices running iOS 15 and current versions of the underlying iPhone OS. Apple urges customers to get onto the latest version if they haven’t done so already.

As part of today’s announcement, Apple says it will also donate $10 million, and any damages it may obtain from the lawsuit, to organizations pursuing cyber-surveillance research and advocacy.

Bitdefender Mobile Security detects Pegasus on both iOS and Android as the spyware attempts to infect the device. Be sure to enable Web Protection by tapping the icon on the bottom navigation bar of Bitdefender Mobile Security.

As a general rule, only install apps only from legitimate sources, make sure you have the latest OS updates and security patches, enable a lock screen, and check on a regular basis which apps have admin rights on your device.