2 min read

Apple Sues Spyware Maker NSO Group over Pegasus iPhone Hacks

Filip TRUȚĂ

November 24, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Apple Sues Spyware Maker NSO Group over Pegasus iPhone Hacks

Apple is hitting NSO Group with a lawsuit alleging that the Israeli tech firm, through its Pegasus spyware, has enabled extensive state-sponsored hacking of its iOS devices. The company also announced plans to hand out $10 million to infosec partners fighting cybersurveillance abuses.

“NSO Group and its clients devote the immense resources and capabilities of nation-states to conduct highly targeted cyberattacks, allowing them to access the microphone, camera, and other sensitive data on Apple and Android devices,” according to the suit, filed in the US District Court for the Northern District of California.

Researchers and journalists say NSO has a track record of putting highly effective tools in the wrong hands, allegedly letting oppressive regimes spy on their people. Its Pegasus spyware has systematically exploited weaknesses in Apple’s iOS operating system to snoop on journalists, activists, dissidents, academics and government officials, according to Apple.

The latest exploit, dubbed FORCEDENTRY in the infosec community, lets bad actors compromise an unpatched device with no interaction from the victim. The zero-click hack exploits a weakness in Apple’s Messages app, and has been typically delivered as a PDF file disguised as a GIF file to inject JBIG2-encoded data to provoke an integer overflow and circumvent message sandboxing.

Apple claims NSO abused both its hardware and software, as well as its services, to develop, test and deploy Pegasus.

“To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge. Though misused to deliver FORCEDENTRY, Apple servers were not hacked or compromised in the attacks,” according to the Cupertino-based company.

Apple appropriately credits Citizen Lab, a research group at the University of Toronto, for originally identifying the exploit in question. It also commends Amnesty Tech “for their groundbreaking work to identify cybersurveillance abuses and help protect victims,” according to the press release.

Craig Federighi, Apple’s senior vice president of Software Engineering, says NSO spends millions on developing surveillance tools “without effective accountability.” While such attacks only impact a small number of users, Apple feels it’s important to act.

The company notes that, while Pegasus continues to evolve, there is no evidence of successful remote attacks against devices running iOS 15 and current versions of the underlying iPhone OS. Apple urges customers to get onto the latest version if they haven’t done so already.

As part of today’s announcement, Apple says it will also donate $10 million, and any damages it may obtain from the lawsuit, to organizations pursuing cyber-surveillance research and advocacy.

Bitdefender Mobile Security detects Pegasus on both iOS and Android as the spyware attempts to infect the device. Be sure to enable Web Protection by tapping the icon on the bottom navigation bar of Bitdefender Mobile Security.

As a general rule, only install apps only from legitimate sources, make sure you have the latest OS updates and security patches, enable a lock screen, and check on a regular basis which apps have admin rights on your device.

tags


Author



Right now

Top posts

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read
Why and how to hide your IP address while traveling

Why and how to hide your IP address while traveling

April 13, 2022

2 min read
How Bitdefender Can Help Restore Your Privacy in the Digital Age

How Bitdefender Can Help Restore Your Privacy in the Digital Age

April 04, 2022

3 min read
How Strong is VPN Encryption?

How Strong is VPN Encryption?

February 28, 2022

3 min read
Top Three Ways Internet Users Unknowingly Help Cybercriminals

Top Three Ways Internet Users Unknowingly Help Cybercriminals

February 25, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

1.8 Million Texans Caught in TDI Data Breach 1.8 Million Texans Caught in TDI Data Breach
Silviu STAHIE

May 20, 2022

1 min read
Your Identity is Being Traded on The Internet Every 2.5 Minutes Your Identity is Being Traded on The Internet Every 2.5 Minutes
Radu CRAHMALIUC

May 20, 2022

3 min read
Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For Malware and PUA Campaigns Abuse Existing Apps, Here’s a Top 10 to Watch Out For
Silviu STAHIE

May 19, 2022

3 min read