Apple Sues NSO Group for Pegasus Spyware Attacks on iPhones

Colin Thierry Colin Thierry
Published on: November 24, 2021

Apple is joining WhatsApp, and its parent company Meta (formerly known as Facebook), in a lawsuit against NSO Group, which is the developer of the Pegasus spyware. Apple said in a statement that it’s seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.

Apple also said NSO Group used state-sponsored spyware to attack a small number of Apple users worldwide with dangerous malware and spyware. The NSO Group infected targeted iPhones via a zero-day, no-click exploit that researchers later called FORCEDENTRY.

Apple said that in order for NSO Group to deliver FORCEDENTRY to Apple devices, “attackers created Apple IDs to send malicious data to a victim’s device — allowing NSO Group or its clients to deliver and install Pegasus spyware without the victim’s knowledge. Though misused to deliver FORCEDENTRY, Apple servers were not hacked or compromised in the attacks.”

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability,” Apple Senior VP of software engineering Craig Federighi said in a statement. “That needs to change. … Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous.”

Apple and WhatsApp aren’t the only ones clashing with NSO Group in court. In 2020, tech companies, including Microsoft and Google, also filed a brief supporting Facebook’s lawsuit.

Pegasus Spyware

Earlier in 2021, Amnesty International said it discovered recent-model iPhones belonging to journalists and human rights lawyers that were infected with Pegasus spyware.

Pegasus spyware is designed to let governments remotely access the microphone, camera, and other data on iPhone and Androids smartphones, according to Apple’s press release. It’s also designed to be able to infect phones without any trace or without needing any action from the user, according to Apple’s complaint and reports that came out earlier in 2021 from a journalistic coalition called the Pegasus Project.

Apple also cited reports that the spyware has been used against journalists, activists, and politicians, despite NSO Group’s claims that its governmental clients are forbidden from using the spyware against those sorts of targets.

Apple’s Lawsuit

Apple’s senior director of commercial litigation Heather Grenier told The New York Times the lawsuit is meant to be a “stake in the ground, to send a clear signal” that the company won’t allow its users to undergo “this type of abuse.” Part of Apple’s argument detailed in the complaint is that NSO Group violated Apple’s terms of service because the group created “more than one hundred” Apple IDs to help it send malicious data to targets.

Apple said that the specific vulnerability that NSO was using was patched in iOS 14.8. Apple added that, thanks to improvements it’s made to iOS 15 security, it “has not observed any evidence of successful remote attacks against devices running iOS 15 and later versions.”

About the Author

Colin Thierry
Colin Thierry
Cybersecurity researcher and journalist
Published on: November 24, 2021

About the Author

Colin Thierry is a cybersecurity researcher and journalist who has written a wide variety of content for the web over the past 2 years. In his free time, he enjoys spending time outdoors, traveling, watching sports, and playing video games.