Techrecipe

Apple sues spyware company NSO Group

On November 23 (local time), Apple announced that it had sued the Israeli company NSO Group, which developed Pegasus, a spyware that attacks and monitors iPhone and Android device users.

The official statement says it is demanding a permanent ban from the NSO group, which bans the use of Apple’s software, services and devices to prevent further abuse and harm to users.

Pegasus spyware is not for personal use and is sold to governments and various organizations around the world. However, most of the countries where it was purchased are known for human rights violations, and there were reports in July of targeting human rights activists, lawyers and journalists around the world.

Apple’s vice president of software engineering, Craig Federighi, stresses that the company’s products are the safest consumer hardware on the market, but acknowledges the threat it poses after calling the NSO group a private company developing state-led spyware. What’s more, Federighi said attacks like Pegasus only affect a very small number of customers, suggesting that most of them are safe.

However, even a small number said that they take all attacks on users seriously, show that they value it, and are always working to strengthen iOS security and privacy protection.

As Apple explained, Pegasus is an attack vehicle that allows access to Apple and Android device microphones, cameras, and other confidential data. An attacker could use a fake Apple ID to send malicious data to a victim’s device and install Pegasus spyware without the user’s knowledge. The security research institute reported that Pegasus was a zero-click attack that did not require user interaction.

In the statement, Apple emphasized that its servers were not hacked or compromised in the attack. He also mentioned security improvements in iOS 15, such as the BlastDoor feature that protects user messages.

The NSO Group continues to evolve Pegasus, but according to Apple, there has been no evidence of successful remote attacks on devices running iOS 15 or later. It also advises all users to update their iPhones and always use the latest software. So far, Apple has not disclosed, but the vulnerability exploited by Pegasus is often blocked.

In addition to the lawsuit, Apple announced a $10 million donation to organizations working for cybersecurity. Previously, Apple had criticized Pegasus for saying that it meant that Pegasus was not a threat to the overwhelming majority of users, but the policy may have finally changed. Related information can be found here.