Apple has filed a lawsuit against Isreal-based NSO Group to hold it accountable for the “surveillance and targeting of Apple users”. Further, the tech giant is seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.
The complaint calls the NSO group “amoral 21st-century mercenaries”. It says the firm has created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse. It alleges that NSO Group used its FORCEDENTRY exploit to install the Pegasus spyware on Apple devices. Earlier, Canada-based Citizen Lab had determined that NSO used the vulnerability and infect the latest Apple devices with Pegasus.
Tl;dr- NSO Group and Pegasus
Pegasus is a spyware that attempts to intrude into a target’s phone through a spear-phishing campaign. Once a user clicks on a link that he receives on his phone through a text message or WhatsApp, or email, the link secretly installs spyware on the phone. After a successful installation, it creates a connection to its handler and transmits the desired information including messages, photos, location, and email.
A consortium of 17 international journalistic organizations published an investigative report in July, about the attempted and successful hacking of 37 smartphones belonging to journalists, government officials, and human rights activists around the world.
In India, media reports suggested that the surveillance targeted more than 300 mobile numbers, including that of two serving Ministers, three Opposition leaders, one sitting judge, journalists, and activists among others. Media reports suggested that Former Supreme Court judge Arun Mishra, lawyers of Nirav Modi, Christian Michael, Anil Ambani, multiple journalists, were chosen for surveillance using Pegasus.
When the issue reached the Supreme Court, it constituted an expert committee to investigate the allegations. A week after the judgment, the U.S. sanctioned the NSO group along with 3 similar companies. Following the blacklisting, the Israeli government, which controls the export of Pegasus, distanced itself from the issue.
No Effective Accountability
Citing research, Apple says Pegasus has a history of being used to target journalists, activists, dissidents, academics, and government officials. Apple’s senior vice president of Software Engineering Craig Federighi said:
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change.”
He further added that Pegasus impacts a very small number of Apple’s customers. However, the company is working to strengthen the security and privacy protections in iOS to keep all its users safe.
In a press release, Apple said that the lawsuit also seeks to redress NSO Group’s flagrant violations of US federal and state law by such attacks. Speaking on the issue, the head of Apple Security Engineering and Architecture Ivan Krstić said:
“The steps we’re taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place”.
Apple is also notifying the small number of users that it found to be the victims of FORCEDENTRY.
In a similar case, WhatsApp, Inc. v. NSO Group Technologies Ltd., [No. 20-
16408 (9th Cir. Nov. 8, 2021)], the Ninth Circuit court recently held that NSO is not entitled to sovereign immunity.
You can read the full complaint here.