Apple has filed a lawsuit against NSO Group and its parent company in order to hold them accountable for targeting Apple users with spyware used for snooping.
In the lawsuit, Apple gives information on how NSO Group was able to get into the devices of iPhone owners. Apple is asking for a permanent injunction that would prevent NSO Group from using Apple products.
State-sponsored actors like the NSO Group spend millions of dollars on sophisticated technology without accountability. Craig Federighi is Apple's senior vice president of Software Engineering. Private companies developing state-sponsored spyware have become even more dangerous because Apple devices are the most secure consumer hardware on the market. We take any attack on our users very seriously, and we're constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.
The NSO Group created and sold a program called "Pegasus" that was used to access the devices of journalists, lawyers, and human rights activists. Major hacks have been addressed in the latest versions of the software.
The zero-click FORCEDENTRY iMessage exploit that could allow for access to the camera, microphone, text messages, phone calls, emails, and more was addressed in the latest version of Apple's operating system. Apple engineers worked around the clock to come up with a fix for the problem, and additional security protections have been implemented to protect the Messages app.
Apple will notify those who were impacted by FORCEDENTRY if it finds activity consistent with a state-sponsored attack.
Everyone should update their phones and run the latest software after Apple said that it had not found evidence of successful remote attacks against users running the latest software. Ivan Krsti, Apple's security chief, said that the lawsuit is a signal that Apple will not stand for the use of weaponized spyware against those who seek to make the world a better place.
We are always working to protect our users from cyberattacks. Ivan Krsti, head of Apple Security Engineering and Architecture, said that the steps we're taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place. Our threat intelligence and engineering teams work around the clock to analyze new threats, patch vulnerabilities, and develop industry-leading new protections in our software. Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to protect our users from abusive state-sponsored actors like NSO Group.
Apple plans to contribute $10 million to cybersurveillance research and advocacy organizations, in addition to filing a lawsuit against NSO Group. Apple will donate the damages from any lawsuit to the same cause, and will continue to support researchers at Citizen Lab with pro-bono technical, threat intelligence, and engineering assistance.
A massive data leak earlier this year confirmed widespread abuse of the NSO Group's software exploits, but the company claims that its software exploits have only been sold to "vetted" military, law enforcement, and intelligence agencies. NSO Group has been blacklisted by the U.S. government, and no American organization is allowed to work with it. A judge refused to dismiss a lawsuit from Facebook, which is against the company.