Leaf&Core

Apple Sues NSO Group, Responsible for the Pegasus iOS Malware

Reading Time: 3 minutes.
An iPhone with green text that looks like code. It's not.

Don’t worry, that’s just hackertyper.net. It’s fun.

Apple’s finally striking back at the NSO Group, the Israeli firm best known for creating the Pegasus smartphone hacking malware. This spyware infected over 1,000 victims in 50 countries, largely women, activists, and journalists, targets of Saudi Arabia and other authoritarian regimes in the Middle East. The spyware could read content on the device, as well as activate the camera and microphone. Pegasus is supposed to be a tightly controlled hacking tool, only available to reputable law enforcement agencies for tracking criminals. NSO Group insists it still is. However, authoritarian nations used it to harass anyone who spoke out about them. In fact, many of NSO Group’s customers are nations with troubling histories on human rights.

NSO Group finds vulnerabilities in platforms and exploits them. It’s actually a common practice, though rarely done with the kind of impunity we’ve seen with the NSO Group. The dark web is full of tools used for hacking and bringing down websites. Hackers will often make an easy to use hacking tool, then sell it to others. Often those people will use the hacks to attack others, such as ransomware, which locks your device and encrypts its content until you fork over the money.

We’re not seeing something largely different from the NSO Group. They create hacks and sell them. However, they claim to only sell them to reputable buyers, like nations and law enforcement, and can pull the plug on users who misuse their product. It’s sometimes called “gray hat” hacking, because it lives in that murky area between abuse and legitimacy. However, Pegasus is now infamous for misuse. As a result, Apple’s doing what they’d do for any other hacker: going after them.

Wait, Hacked iPhones?

“Mercenary spyware firms like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors”

– Ron Deibert, director of Citizen Lab at the University of Toronto

The last time Pegasus came up, I had a section on this, but to recap… mostly? The truth is, these hacks were highly targeted. Saudi Arabia and the UAE may have targeted people around assassinated journalist Jamal Khashoggi. Other victims included female journalists who reported on authoritarian nations’ rule. The point is, you likely weren’t a target.

However, if you were, an attack called FORCEDENTRY allowed attackers to install Pegasus without any interaction from the user. Apple has since patched that, but it’s possible to have Pegasus on your iPhone without knowing it. There is a tool for verifying that you don’t have Pegasus installed, but it’s a bit complex. If you’re familiar with the terminal or did much iOS tweaking in the past, you may have no difficulty with it. But if you’re like most people, you’ll want to follow those instructions closely.

You’re likely fine. However, at least 1,000 people were targeted simply for being politicians, activists, and journalists. Some of these attacks lead NSO Group to shut off access. NSO Group claims they shut off access to bad actors, but groups, including Amnesty International, have reportedly found over 1,000 victims of Pegasus who don’t fall under the definitions of “criminals.” At least not to non-authoritarian governments, anyway.

Apple’s Lawsuit

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change.”

– Craig Federighi, Apple SVP of Software Engineering. You know, the one with the jokes and the hair.

Apple’s obviously mad. When I last wrote about this, I pointed out how the iPhone was no longer secure. That’s exactly the kind of brand perception Apple’s afraid of. Now Apple’s suing under the Computer Fraud and Abuse Act, breach of contract, as well as state and federal laws.

The reasoning behind the Computer Fraud and Abuse Act is likely be obvious, but the breach of contract is interesting and, frankly, a little funny. Someone didn’t read the terms and conditions. According to Apple, the NSO Group created at least 100 iCloud accounts in order to send iMessages to hack users’ phones. Therefore, they agreed to Apple’s contract, including not using their services for malicious purposes and agreeing to beholden to the law in Apple’s jurisdiction, California, United States.

An End to Sanctioned Hacking for Profit?

Apple’s looking to permanently ban NSO Group from their hardware, software, and services. They also want the court to force NSO to delete all user data they obtained from Apple users. Of course, there will also be punitive damages and compensation for Apple. Apple says they’re donating $10 million to help identify and stop hacks like these with third parties, as well as the damages from the case.

The NSO Group is already on the U.S. Entity List, which prevents U.S. companies from interacting with a company like they would any other. It’s reserved for businesses the government deems likely dangerous to personal or national security. Apple joins Meta (formerly Facebook) in their suit against NSO Group. Meta (then Facebook) is suing over NSO’s use of WhatsApp to distribute the Pegasus spyware.

The combined efforts of both companies could put a stop to so-called “gray hat” hacking, which is really no different from “black hat” hacking to their customers’ victims, is it?


Sources:
Exit mobile version