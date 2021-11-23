The NSO Group has repeatedly denied the conclusions of The Pegasus Project but also has been buffeted by a series of government and other actions based on the consortium’s findings, including a U.S. government decision earlier this month to blacklist the company.
NSO did not immediately respond to a request for comment on Tuesday.
Apple’s legal move follows a similar lawsuit by the Facebook-owned messaging service WhatsApp in 2019 that accused NSO of targeting 1,400 of its users with spyware. A U.S. appeals court ruled this month that the suit can proceed.
In announcing its lawsuit, Apple singled out a particular attack on iPhones called FORCEDENTRY that had been discovered by researchers for Citizen Lab, who long have worked to detail abuses of Pegasus, which NSO Group said is licensed to dozens of military, intelligence and law enforcement agencies around the world.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering, in a blog post announcing the lawsuit.
“Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous,” he wrote. “While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”
Among the findings of The Pegasus Project was that iPhones, despite their reputation for strong security compared to some other smartphones, had weaknesses that the NSO Group had learned to exploit to deliver spyware to the phones of targets.
In some cases NSO customers delivered Pegasus in such a stealthy way that users got no alert and needed to take no action in order for an infection to begin on their devices. Once inside, the malware turned smartphones into sophisticated spying devices, revealing their locations, communications, pictures and other information.
Apple also said it was donating $10 million to support cybersecurity researchers and advocates against spyware.
This is a developing story. Please check back for updates.