Apple has announced that it's suing NSO Group and its parent company so that they can be held accountable for targeting and using surveillance against Apple users. The NSO Group is responsible for creating state-sponsored surveillance technology that has been used against a small number of Apple users, such as journalists, activists, dissidents, academics, and government officials.
Through the lawsuit, Apple says that it’s seeking to prevent further harm to its users by getting a permanent injunction to ban the NSO Group from using Apple software, services, or devices. Apple’s complaint also brings more information, such as the FORCEDENTRY exploit, into the public domain.
Explaining the FORCEDENTRY exploit, Apple said:
"To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge. Though misused to deliver FORCEDENTRY, Apple servers were not hacked or compromised in the attacks."
Commenting on the case, Apple’s senior vice president of Software Engineering, Craig Federighi, said:
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change. Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”
In the announcement, Apple also thanked groups including Citizen Lab and Amnesty Tech for helping to identify cybersurveillance abuses and said that it will contribute $10 million, plus any damages from the case, to help strengthen these efforts. Concerning Citizen Lab specifically, Apple will provide pro-bono technical, threat intelligence, and engineering assistance to aid their research.
While Apple devices are noted for being very safe due to them being locked down, Apple still urges all users to run the latest software on their iPhones. With iOS 15, for example, Apple updated the BlastDoor security mechanism to help stifle attacks from the likes of NSO Group. Apple has said it’s now contacting people who were affected by the FORCEDENTRY exploit so they can take the necessary measure to protect themselves and their information.