Apple Aims to Cut Down on Spyware With Lawsuit Against NSO Group

[MacRumors]

Apple today announced that it has filed a lawsuit against Israeli firm NSO Group and its parent company with the aim of holding it accountable for targeting Apple users with spyware used for surveillance purposes.

In the lawsuit, Apple offers up information on how NSO Group infiltrated the devices of iPhone owners and how it utilized the Pegasus spyware to do so. Apple is asking for a permanent injunction that would ban NSO Group from using Apple software, services, or devices.

"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change," said Craig Federighi, Apple's senior vice president of Software Engineering. "Apple devices are the most secure consumer hardware on the market -- but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we're constantly working to strengthen the security and privacy protections in iOS to keep all our users safe."

NSO Group created invasive spyware known as "Pegasus" that was sold to various world governments and was used to access the devices of journalists, lawyers, and human rights activists. Apple has been working on fixing exploits and has addressed major Pegasus-related hacks in iOS 14.6 and iOS 14.8.

With iOS 14.8, for example, Apple addressed a zero-click FORCEDENTRY iMessage exploit that could infect iOS devices with the Pegasus software, allowing for access to the camera, microphone, text messages, phone calls, emails, and more. Apple engineers worked around the clock to develop a fix, and additional BlastDoor security protections have been implemented in iOS 15 to protect the Messages app.

Those who were impacted by FORCEDENTRY will be notified by Apple, and going forward, Apple says any time that it finds activity consistent with a state-sponsored spyware attack, affected users will be informed.

Apple says that it has not found evidence of successful remote attacks against users running iOS 15 and later updates, and that everyone should update their phones and run the latest software. Apple security chief Ivan Krstić said the lawsuit is a signal that Apple will not stand for the use of weaponized spyware against "those who seek to make the world a better place."

"At Apple, we are always working to defend our users against even the most complex cyberattacks. The steps we're taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place," said Ivan Krstić, head of Apple Security Engineering and Architecture. "Our threat intelligence and engineering teams work around the clock to analyze new threats, rapidly patch vulnerabilities, and develop industry-leading new protections in our software and silicon. Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group."

In addition to filing a lawsuit against NSO Group, Apple plans to contribute $10 million to organizations pursuing cybersurveillance research and advocacy. Apple will also donate the damages from any lawsuit to the same cause, and will continue to support researchers at Citizen Lab with pro-bono technical, threat intelligence, and engineering assistance.

NSO Group has claimed that its software exploits have only been sold to "vetted" military, law enforcement, and intelligence agencies for use against criminals and terrorists, but a massive data leak earlier this year confirmed widespread abuse of the spyware. As a result, NSO Group has been blacklisted by the U.S. government, and no American organization is allowed to work with it. The company is also facing a 2019 malware lawsuit from Facebook, which a judge earlier this week refused to dismiss.

Article Link: Apple Aims to Cut Down on Spyware With Lawsuit Against NSO Group

 

[metapunk2077fail]

Chef's Kiss. Perfection.

 

[DeepIn2U]

ROLMAO perfection. Miss the Chef! More memes needed.

This is where Apple should put their weight to get things done outside of their business that can have positive impact for ALL their users.

 

[RumorConsumer]

I hope this only builds from here.

 

[dguisinger]

I don't see this doing much to fix security. The best thing they could do is fix their problems in their bug bounty program and repair their relationship with security researchers who would rather sell the bugs back to Apple for fixing.

 

[metapunk2077fail]

I hope this only builds from here.

This thread has been moved to politics and I've seen people fighting when they should not be.

Don't generalise nations of people. Israelis and Palestinians would be at peace if foreign religious fundamentalists in the West and the Middle East were not pushing on them.

If you want to attack someone do it to a fascistic unaccountable oligarch or dictator and the companies who make harmful spyware and weapons.

 

[grandM]

Skin them alive!

 

[PinkyMacGodess]

They need to use more electricity!!!

 

[TheYayAreaLiving 🎗️]

Chef's Kiss. Perfection.

ROLMAO perfection. Miss the Chef! More memes needed.

This is where Apple should put their weight to get things done outside of their business that can have positive impact for ALL their users.

Perfection, indeed!

 

[Malus120]

This is nice to hear. Seriously **** the NSO group... For a supposedly major ally (and given what it's people have been through...) I really can't understand how Israel has let itself (and why the **** the USA lets it) become a major hub for high tech repression technology like this. The pitch is just terrible "our people suffered the worst repression, leading up to a genocide, and now we pioneer the tools repressive regimes use to do the same!"

 

[PinkyMacGodess]

LOL

Had to stretch a little to incorporate two of my favorite muppets.

 

[TheYayAreaLiving 🎗️]

Had to stretch a little to incorporate two of my favorite muppets.

This was coming lol. Apple is not happy with Pegasus!

Apple chasing the criminals and attackers!

 

[_Spinn_]

This is great news! I hope this starts a trend.

 

[Havoc035]

I don't see this doing much to fix security. The best thing they could do is fix their problems in their bug bounty program and repair their relationship with security researchers who would rather sell the bugs back to Apple for fixing.

I could't agree more. Fixing security issues and hardening the OS overall should be the first priority. However, I still see this lawsuit as a good additional step.

 

[jz0309]

Good move, hope they win

 

[centauratlas]

Apple should consider hiring their engineers too. Get ahead of it vs being reactive to it. Have a special internal group looking at the code and finding bugs. And getting bug bounty rewards (perhaps options) for every one they find.

This is all well and good, but it won't stop it.

 

[macfacts]

This is like suing gun manufacturers instead of killers.

 

[tavsingh]

Thank you ??

+1 to improving the Bug Bounty program.

 

[MrTangent]

Hallelujah. Now we just need to yeet the Mossad, NSA, CIA and the like into the Sun and we’ll be much better for it.

 

[4jasontv]

I want to see the posting for the team that combats this.

Do you like lurking in the darkest parts of the web sifting through unsightly instruments? Do you always know where the worst of humanity hangs out? Do you hate the government more than you hate freedom of information? As an Apple Dark Web Advisor, you’ll be supporting many of our popular products, from iPhones to iPads to MacBooks to desktop Macs. As our customers’ first point of contact, you’ll be the silent voice of Apple, providing world-class customer service, troubleshooting, and technical support to our engineering teams. We’ll rely on you to listen to the criminal underbelly and use your technical knowledge, creativity, and passion to interfere with their needs — and remind them that behind our great products are amazing people. Because we believe our individual backgrounds, perspectives, and passions help us create the ideas that move all of us forward. We’ll train you to be the best. This position comes with competitive pay, tuition reimbursement, great benefits, eligibility to participate in our company stock plan, time off, an employee discount, and dedicated resources to support your ongoing growth and career development!

Working for Apple isn't the only benefit. You'll have the opportunity to work from home, be connected to a diverse collective of individuals you will never meet, and will assume are either someone just like you or someone your drunk uncle told you stole his job, earning where you learn. To excel in this environment, you'll need the discipline and ability to work remotely from coworkers and management. We offer all kinds of ways to simulate well-being, confidence, and satisfaction. Learn more about Apple benefits.

Education & Experience
2.7 GPA preferred
Computer Science, Business, Engineering, and Computer Information Systems majors are preferred

We are looking for someone with the following qualifications:

• Real passion for customer service and ownership of the customer experience, including comprehensive issue resolution​

• Potential for tailoring communication and style to differing audiences​

• Able to self-manage and work independently in a fast-paced, constantly changing environment​

• Teamwork mentality with an aptitude for sharing expertise and appreciating feedback​

• Effective time management including the ability to multi-task, organize and prioritize​

• Ability to research and grasp technical information across multiple tools while talking with customers​

​

Note: Apple benefits programs are subject to eligibility requirements you won't meet because we will deny your existence.

 

[Unsupported]

The pitch is just terrible "our people suffered the worst repression, leading up to a genocide, and now we pioneer the tools repressive regimes use to do the same!"

That smells more than a little of antisemitism to me ?

Pegasus (spyware) - Wikipedia

en.wikipedia.org

NSO Group was previously owned by American private equity firm Francisco Partners,[5] but it was bought back by its founders in 2019.[6] The company states that it provides "authorized governments with technology that helps them combat terror and crime."[7][8] NSO Group has published sections of contracts which require customers to use its products only for criminal and national security investigations and has stated that it has an industry-leading approach to human rights.[9]

 

[MrTangent]

That smells more than a little of antisemitism to me ?

Pegasus (spyware) - Wikipedia

en.wikipedia.org

Israel is a horrible country that has blood on its hands, forcing Palestinians out of their lands and homes. Call me an antisemite all you want, their government sucks and Israelis have become the fascists they profess to hate.

 

[rictus007]

So who’s is against this?

 

[Unsupported]

Israel is a horrible country that has blood on its hands, forcing Palestinians out of their lands and homes. Call me an antisemite all you want, their government sucks and Israelis have become the fascists they profess to hate.

Drawing comparisons of contemporary Israeli policy to that of the Nazis.

We apologize for the inconvenience... - United States Department of State

The page you’re looking for may have gone offline or does not exist. Please use our search, browse further via our navigation, or return to the home page. You may also visit our Archive page for more information. Still can’t find it? Send us a message using our Contact Us form. A URL is helpful […]

www.state.gov

 

[Wildkraut]

Good luck suing the ones who set the rules, Apple!

Why not simply fix the exploits and setup a decent bug-bounty program to attract security researchers and motivate them to submit the exploits!

Apple is a 2 trillion company which is too stingy to payout for bugs and exploits.
In other words they care for 💩, all just a show to make people think they care for privacy.