Apple explains how it alerts targets of state-sponsored spyware attacks
Apple sues NSO Group over state-backed spyware
It even sheds new light on NSO’s surveillance methods.
Apple is more than a little angry at NSO Group for developing spyware tools. The iPhone maker has filed a lawsuit against NSO to “hold it accountable” for governments spying on and targeting Apple device users. In addition to punishing NSO, Apple also seeks to ban the surveillance software developer from using Apple products for future research.
Senior VP Craig Federighi acknowledged that NSO Group’s Pegasus spyware is only aimed at surveilling a small number of people on multiple platforms, including Android. However, Apple stressed that targets are frequently activists, journalists and other critics of regimes that routinely suppress political dissent. The company further accused NSO of “flagrant violations” of federal- and state-level laws in the US.
The lawsuit also sheds more light on NSO’s reported “FORCEDENTRY” exploit. According to Apple, intruders pushed FORCEDENTRY by creating bogus Apple IDs to send malicious code without alerting targets. Apple said its servers weren’t compromised in the process, but it clearly wasn’t happy that its account system was used for this surveillance.
Alongside the lawsuit, Apple is promising to donate $10 million (plus any lawsuit damages) toward groups advocating against or researching this kind of digital surveillance. It’s further promising free engineering, intelligence and technical help for FORCEDENTRY discoverer Citizen Lab and other organizations with similar goals.
We’ve asked NSO Group for comment. In the past, it has repeatedly maintained that it shuts off access to known abusers. It also denied that Pegasus was used to target murdered Saudi journalist Jamal Khashoggi. The Israeli firm has even gone on the offensive, hiring a libel attorney that accused investigators of ‘misinterpreting’ data and otherwise smearing NSO’s reputation.
NSO might not have many allies. WhatsApp, for instance, accused NSO of enabling attacks on government officials and rejected the Pegasus creator’s denials. The tech industry sees NSO as a threat to the privacy of its users (and thus its reputation), and it won’t be surprising if other companies support Apple’s case.
(17)