2 min read

Apple Sues Spyware Maker NSO Group over Pegasus iPhone Hacks

Filip TRUȚĂ

November 24, 2021

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Apple Sues Spyware Maker NSO Group over Pegasus iPhone Hacks

Apple is hitting NSO Group with a lawsuit alleging that the Israeli tech firm, through its Pegasus spyware, has enabled extensive state-sponsored hacking of its iOS devices. The company also announced plans to hand out $10 million to infosec partners fighting cybersurveillance abuses.

“NSO Group and its clients devote the immense resources and capabilities of nation-states to conduct highly targeted cyberattacks, allowing them to access the microphone, camera, and other sensitive data on Apple and Android devices,” according to the suit, filed in the US District Court for the Northern District of California.

Researchers and journalists say NSO has a track record of putting highly effective tools in the wrong hands, allegedly letting oppressive regimes spy on their people. Its Pegasus spyware has systematically exploited weaknesses in Apple’s iOS operating system to snoop on journalists, activists, dissidents, academics and government officials, according to Apple.

The latest exploit, dubbed FORCEDENTRY in the infosec community, lets bad actors compromise an unpatched device with no interaction from the victim. The zero-click hack exploits a weakness in Apple’s Messages app, and has been typically delivered as a PDF file disguised as a GIF file to inject JBIG2-encoded data to provoke an integer overflow and circumvent message sandboxing.

Apple claims NSO abused both its hardware and software, as well as its services, to develop, test and deploy Pegasus.

“To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge. Though misused to deliver FORCEDENTRY, Apple servers were not hacked or compromised in the attacks,” according to the Cupertino-based company.

Apple appropriately credits Citizen Lab, a research group at the University of Toronto, for originally identifying the exploit in question. It also commends Amnesty Tech “for their groundbreaking work to identify cybersurveillance abuses and help protect victims,” according to the press release.

Craig Federighi, Apple’s senior vice president of Software Engineering, says NSO spends millions on developing surveillance tools “without effective accountability.” While such attacks only impact a small number of users, Apple feels it’s important to act.

The company notes that, while Pegasus continues to evolve, there is no evidence of successful remote attacks against devices running iOS 15 and current versions of the underlying iPhone OS. Apple urges customers to get onto the latest version if they haven’t done so already.

As part of today’s announcement, Apple says it will also donate $10 million, and any damages it may obtain from the lawsuit, to organizations pursuing cyber-surveillance research and advocacy.

Bitdefender Mobile Security detects Pegasus on both iOS and Android as the spyware attempts to infect the device. Be sure to enable Web Protection by tapping the icon on the bottom navigation bar of Bitdefender Mobile Security.

As a general rule, only install apps only from legitimate sources, make sure you have the latest OS updates and security patches, enable a lock screen, and check on a regular basis which apps have admin rights on your device.

tags


Author



Right now

Top posts

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

Threat actors impersonate Canadian gas retailer to deliver malicious OneNote phishing campaign, Bitdefender Labs warns

January 26, 2023

2 min read
Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

Spammers phish eager vacationers with travel-themed lures, Bitdefender Antispam Lab warns

January 19, 2023

4 min read
Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

North Korean Hackers Tried to Launder $100 Million in Crypto Stolen in 2022 North Korean Hackers Tried to Launder $100 Million in Crypto Stolen in 2022
Silviu STAHIE

January 25, 2023

1 min read
Riot Games Compromised in Social Engineering Attack, Suspends All New Releases Riot Games Compromised in Social Engineering Attack, Suspends All New Releases
Silviu STAHIE

January 23, 2023

1 min read
Criminals Access More than 30,000 PayPal Accounts Criminals Access More than 30,000 PayPal Accounts
Silviu STAHIE

January 20, 2023

1 min read