Apple has announced that it is filing a complaint in the United States against NSO Group, the maker of the Pegasus spyware, which is sold to states and which targeted iPhone users. The Israeli company claims that its technology is intended to help government intelligence agencies and authorities empowered to fight terrorism and serious crime.
Pegasus has nevertheless made headlines again following revelations from a consortium of international media, under the aegis of Forbidden Stories, concerning spying on journalists, activists, public figures and even politicians from various countries.
“State-funded players like NSO Group spend millions of dollars on sophisticated surveillance technology without being held accountable. This has to change,” says Craig Federighi.
Apple's vice president of software engineering points out that the company's devices are the most secure on the market for the general public, and that only a very small number of Apple customers are affected by cybersecurity threats. An essential clarification for Apple's brand image.
To install Pegasus, a 0-day (no patch available) and 0-click (no user interaction) exploit in Apple's iMessage messaging service was used. Called FORCEDENTRY, it targeted Apple's CoreGraphics image rendering library. As its payload, it used files with a .gif extension that were actually PDF files.
The exploited vulnerability has been fixed in iOS 14.8. Apple adds that although NSO Group spyware continues to evolve, no evidence of successful remote attacks has been observed against devices running iOS 14 and later versions.
To deploy FORCEDENTRY, Apple specifies that attackers created Apple IDs in order to send malicious data to a victim's device. However, Apple's servers were not hacked or compromised during the attacks. According to Apple, NSO Group violated the iCloud Terms of Service in order to operate its spyware.
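The payload disguise described above (files named .gif whose content was really PDF) is something a defender can check for by comparing a file's extension with its leading bytes. The following is an added example, not code from Apple or from the original article; the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

GIF_MAGICS = (b"GIF87a", b"GIF89a")   # valid GIF signatures
PDF_MAGIC = b"%PDF-"                  # PDF header marker

def sniff_type(head: bytes) -> str:
    """Classify content from its leading bytes, ignoring the file name."""
    if head.startswith(GIF_MAGICS):
        return "gif"
    # Some PDF readers accept the header anywhere in the first 1024 bytes.
    if PDF_MAGIC in head[:1024]:
        return "pdf"
    return "unknown"

def find_mismatched_gifs(root: str) -> list:
    """Return (path, detected_type) for each *.gif whose content is not GIF."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            if not name.lower().endswith(".gif"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                detected = sniff_type(fh.read(1024))
            if detected != "gif":
                findings.append((path, detected))
    return findings

def demo() -> list:
    """Scan constructed sample files written to a temporary directory."""
    samples = {
        "real.gif": b"GIF89a\x01\x00\x01\x00\x00\x00\x00;",   # genuine GIF header
        "disguised.gif": b"%PDF-1.4\n% constructed sample\n",  # PDF bytes, .gif name
        "empty.gif": b"",                                      # edge case: no content
        "report.pdf": b"%PDF-1.7\n",                           # honest PDF, out of scope
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in samples.items():
            with open(os.path.join(tmp, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), t) for p, t in find_mismatched_gifs(tmp)]

if __name__ == "__main__":
    for name, detected in demo():
        print(f"{name}: .gif extension, content looks like {detected}")
```

A mismatch is only a triage signal: it shows that a file's name and content disagree, not that the file is malicious.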
Apple embarks on a legal battle, and more
In addition to seeking to hold NSO Group accountable for the surveillance and targeting of Apple users, the Cupertino group is asking the US courts to prohibit NSO Group from using any Apple software, service or device.
Recall that the United States has already placed NSO Group on its blacklist, banning the use of American technologies for its activities. In addition, Pegasus is a tool that has been known for a long time, and not only in connection with Apple products. WhatsApp has already taken legal action against NSO Group. The Meta subsidiary's complaint had received broad support from high-tech giants … but not from Apple.
Apart from its legal complaint, Apple indicates that a contribution of 10 million dollars (in addition to any damages obtained) will go to support organizations that conduct research on cyber surveillance. Technical assistance is also mentioned for the group of researchers at Citizen Lab who helped uncover the exploits of NSO Group. A way for Apple to mend its sometimes tense relationship with the computer security community.
“Thousands of lives have been saved around the world thanks to the technologies of NSO Group used by its customers. Pedophiles and terrorists can act freely in technological shelters, and we are providing governments with the legal tools to fight them. NSO Group will continue to stand up for the truth,” responded a spokesperson for NSO Group (CNBC).