Apple Sues Spyware Maker NSO Group over Pegasus iPhone Hacks

Filip TRUȚĂ

November 24, 2021


Apple is hitting NSO Group with a lawsuit alleging that the Israeli tech firm, through its Pegasus spyware, has enabled extensive state-sponsored hacking of its iOS devices. The company also announced plans to hand out $10 million to infosec partners fighting cybersurveillance abuses.

“NSO Group and its clients devote the immense resources and capabilities of nation-states to conduct highly targeted cyberattacks, allowing them to access the microphone, camera, and other sensitive data on Apple and Android devices,” according to the suit, filed in the US District Court for the Northern District of California.

Researchers and journalists say NSO has a track record of putting highly effective tools in the wrong hands, allegedly letting oppressive regimes spy on their people. Its Pegasus spyware has systematically exploited weaknesses in Apple’s iOS operating system to snoop on journalists, activists, dissidents, academics and government officials, according to Apple.

The latest exploit, dubbed FORCEDENTRY in the infosec community, lets bad actors compromise an unpatched device with no interaction from the victim. The zero-click hack exploits a weakness in Apple’s Messages app and has typically been delivered as a PDF file disguised as a GIF file; the PDF carries JBIG2-encoded data that provokes an integer overflow and circumvents message sandboxing.
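The disguise described above (a file named as a GIF whose content is a PDF with a JBIG2 stream) is something a defender can check for when triaging attachments. The Python sketch below is an added example, not code from Apple, Citizen Lab or Bitdefender; the function names and the sample files are constructed for illustration, and it is a triage heuristic rather than a Pegasus detector.

```python
import re
from typing import List

GIF_MAGICS = (b"GIF87a", b"GIF89a")
# PDF names may hex-escape characters (#XX); decode them before matching.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")


def sniff_type(data: bytes) -> str:
    """Identify content by magic bytes, ignoring the file name."""
    if data[:6] in GIF_MAGICS:
        return "gif"
    # Many PDF readers accept the %PDF- header within the first 1024 bytes.
    if b"%PDF-" in data[:1024]:
        return "pdf"
    return "unknown"


def triage_attachment(name: str, data: bytes) -> List[str]:
    """Return findings for an attachment whose name claims to be a GIF."""
    findings: List[str] = []
    if not name.lower().endswith(".gif"):
        return findings
    actual = sniff_type(data)
    if actual != "gif":
        findings.append(f"extension-mismatch:{actual}")
    if actual == "pdf":
        decoded = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)
        # Limitation: a filter name inside a compressed object stream
        # is not visible to this plain byte search.
        if b"/JBIG2Decode" in decoded:
            findings.append("jbig2-stream")
    return findings


# Constructed samples: empty stub files, no image data or payload.
SAMPLES = {
    "cat.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",
    "photo.gif": b"%PDF-1.4\n1 0 obj\n<< /Filter /JBIG2Decode /Length 0 >>\n"
                 b"stream\n\nendstream\nendobj\n",
    "escaped.gif": b"%PDF-1.4\n1 0 obj\n<< /Filter /JBIG2#44ecode /Length 0 >>\n"
                   b"stream\n\nendstream\nendobj\n",
    "report.pdf": b"%PDF-1.4\n%%EOF\n",
}

if __name__ == "__main__":
    for sample_name, blob in SAMPLES.items():
        print(sample_name, triage_attachment(sample_name, blob))
```
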

Apple claims NSO abused both its hardware and software, as well as its services, to develop, test and deploy Pegasus.

“To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge. Though misused to deliver FORCEDENTRY, Apple servers were not hacked or compromised in the attacks,” according to the Cupertino-based company.

Apple appropriately credits Citizen Lab, a research group at the University of Toronto, for originally identifying the exploit in question. It also commends Amnesty Tech “for their groundbreaking work to identify cybersurveillance abuses and help protect victims,” according to the press release.

Craig Federighi, Apple’s senior vice president of Software Engineering, says NSO spends millions on developing surveillance tools “without effective accountability.” While such attacks only impact a small number of users, Apple feels it’s important to act.

The company notes that, while Pegasus continues to evolve, there is no evidence of successful remote attacks against devices running iOS 15 and current versions of the underlying iPhone OS. Apple urges customers to get onto the latest version if they haven’t done so already.

As part of today’s announcement, Apple says it will also donate $10 million, and any damages it may obtain from the lawsuit, to organizations pursuing cyber-surveillance research and advocacy.

Bitdefender Mobile Security detects Pegasus on both iOS and Android as the spyware attempts to infect the device. Be sure to enable Web Protection by tapping the icon on the bottom navigation bar of Bitdefender Mobile Security.

As a general rule, install apps only from legitimate sources, make sure you have the latest OS updates and security patches, enable a lock screen, and check on a regular basis which apps have admin rights on your device.
