Apple files suit against the NSO Group for spying on iPhone users

Jimmy2x

Posts: 142   +11
Staff
Why it matters: California-based tech giant Apple has filed a federal case against the company responsible for deploying spyware identified in a recent security incident. In September, the University of Toronto-based Citizen Lab identified an iPhone vulnerability exploited by a well-known cybersecurity/cyberwarfare company. The Pegasus developer claims that their software has helped to save thousands of lives worldwide and stopped numerous crimes but is yet to provide the data to back that claim.

The suit was filed against the NSO Group and parent company Q Cyber Technologies, neither of which are strangers to making security headlines. The Israeli-based company is responsible for developing and deploying Pegasus, a mobile spyware application capable of reading text messages, tracking calls, collecting passwords, and tracking location on iOS and Android devices.

The suit is related to Apple's recent emergency updates, which were deployed after discovering a vulnerability in their iMessages application known as FORCEDENTRY. The exploit leverages an artifact known as CASCADEFAIL that prevents data and evidence from being completely deleted from a user's phone. According to Toronto's Citizen Lab, the vulnerability was attributed back to the NSO group after observing that the partial deletions only occurred in the presence of the Pegasus spyware.

According to Apple, NSO creates state-sponsored technologies used to conduct surveillance against users without alerting them that their data has been compromised. The lawsuit seeks to reclaim damages from the developer and prevent NSO from using any Apple-related products and services in the future. This injunction would help to prevent any further NSO spyware-related harm to Apple and iOS users. The lawsuit comes hot on the heels of a Ninth Circuit ruling that NSO and Q Cyber were not sovereign entities, thus making them vulnerable to a pending Facebook lawsuit.

Apple has pledged $10 million, in addition to any damages received from the suit, to continue funding cybersurveillance and advocacy groups such as the Citizen Lab and Amnesty Tech. These human rights organizations provide critical research and data that help to ensure freedom of expression and online privacy are not negatively impacted by digital espionage, various types of filtering, or any other technologies designed to affect an individual's online freedoms.

Image credit: Iphone lock screen by Youssef Sarhan

Permalink to story.

 

Hexic

Posts: 1,267   +1,996
TechSpot Elite
In other words:

“Apple sues company for actively proving and utilizing security vulnerabilities that Apple doesn’t want publicly flaunted - contrary to their public secure OS narrative.”

Sucks to suck guys.
 

Shadowboxer

Posts: 2,074   +1,654
In other words:

“Apple sues company for actively proving and utilizing security vulnerabilities that Apple doesn’t want publicly flaunted - contrary to their public secure OS narrative.”

Sucks to suck guys.
Lol. What actually is going on is “Apple sues cybersecurity firm for selling pegasus spyware to third parties that invades Apple users privacy”.

The NSO group has denied they are selling Pegasus to anyone but law enforcement and “authorised parties” but the university of Toronto discovered a third party using Pegasus to spy on a Saudi activist. And there have been other reports of Pegasus being used by the wrong people I believe.

In other words an Israeli cybersecurity firm has likely been corrupted and it’s software is compromised. Apple are doing us a service, they have even pledged to give the money to other cyber security companies. At this point you really can’t trust the NSO group.

Apple actually pay handsomely if you can find a security flaw in their software. They don’t usually sue you..

(I work in cyber security).
 

Hexic

Posts: 1,267   +1,996
TechSpot Elite
Lol. What actually is going on is “Apple sues cybersecurity firm for selling pegasus spyware to third parties that invades Apple users privacy”.

The NSO group has denied they are selling Pegasus to anyone but law enforcement and “authorised parties” but the university of Toronto discovered a third party using Pegasus to spy on a Saudi activist. And there have been other reports of Pegasus being used by the wrong people I believe.

In other words an Israeli cybersecurity firm has likely been corrupted and it’s software is compromised. Apple are doing us a service, they have even pledged to give the money to other cyber security companies. At this point you really can’t trust the NSO group.

Apple actually pay handsomely if you can find a security flaw in their software. They don’t usually sue you..

(I work in cyber security).
This spyware is deployed by either the user clicking a malicious link, or by utilizing zero-day vulnerabilities (I.e. holes in their OS integrity). The privacy being violated here is either by the user’s own hand, or by Apple’s own hand enabling holes in their OS.

As far as the Saudi activist in Toronto - are you referring to this instance?


Because if so, the “third party” involved here that utilized the spying on her device, was in fact the Saudi government. Exactly the “governmental entities” whom NSO claims they sell their software to.

As far as “other reports of Pegasus being used by the wrong people I believe” - that’s purely heresay, as well as the assumption that NSO is somehow compromised.

Apple isn’t happy that:
1) Someone is advertising that their OS isn’t this magical iron shield of protection
2) Someone other than Apple is making money off of their own security flaws.

Could Apple pay me handsomely for their bounty program? Sure, I could make a maximum of a $1M USD one-time payout for “Zero-click remote chain with full kernel execution and persistence, including kernel PAC bypass, on latest shipping hardware.”? Sure. Or, if I’m that good, I could get paid that multiple times over on a consistent basis working for someone like NSO group. Pretty easy choice.