Posts: 83 +8
Why it matters: California-based tech giant Apple has filed a federal case against the company responsible for deploying spyware identified in a recent security incident. In September, the University of Toronto-based Citizen Lab identified an iPhone vulnerability exploited by a well-known cybersecurity/cyberwarfare company. The Pegasus developer claims that their software has helped to save thousands of lives worldwide and stopped numerous crimes but is yet to provide the data to back that claim.
The suit was filed against the NSO Group and parent company Q Cyber Technologies, neither of which are strangers to making security headlines. The Israeli-based company is responsible for developing and deploying Pegasus, a mobile spyware application capable of reading text messages, tracking calls, collecting passwords, and tracking location on iOS and Android devices.
The suit is related to Apple's recent emergency updates, which were deployed after discovering a vulnerability in their iMessages application known as FORCEDENTRY. The exploit leverages an artifact known as CASCADEFAIL that prevents data and evidence from being completely deleted from a user's phone. According to Toronto's Citizen Lab, the vulnerability was attributed back to the NSO group after observing that the partial deletions only occurred in the presence of the Pegasus spyware.
According to Apple, NSO creates state-sponsored technologies used to conduct surveillance against users without alerting them that their data has been compromised. The lawsuit seeks to reclaim damages from the developer and prevent NSO from using any Apple-related products and services in the future. This injunction would help to prevent any further NSO spyware-related harm to Apple and iOS users. The lawsuit comes hot on the heels of a Ninth Circuit ruling that NSO and Q Cyber were not sovereign entities, thus making them vulnerable to a pending Facebook lawsuit.
Apple has pledged $10 million, in addition to any damages received from the suit, to continue funding cybersurveillance and advocacy groups such as the Citizen Lab and Amnesty Tech. These human rights organizations provide critical research and data that help to ensure freedom of expression and online privacy are not negatively impacted by digital espionage, various types of filtering, or any other technologies designed to affect an individual's online freedoms.
Image credit: Iphone lock screen by Youssef Sarhan