
Apple Lawsuit vs NSO Group Alleges iPhone, macOS, watchOS Spyware

Apple is suing the NSO Group, a controversial Israeli state-backed spyware developer, accusing the secretive company of using its powerful Pegasus surveillance tool to target and track a small number of the iPhone maker’s customers worldwide.

For MSSPs that protect Apple devices for end-customers, the lawsuit may provide some clues about how to further lock down Apple iOS, macOS and watchOS devices from prying eyes.

Indeed, Apple’s complaint alleges that NSO used ForcedEntry, an exploit first identified by cyber researcher Citizen Lab, to remotely install Pegasus on victims’ iOS, macOS and watchOS devices. The vulnerability has since been patched. None of Apple’s servers were compromised in the attacks, and to date the company has not found any evidence that devices running iOS 15 and later have been infiltrated by remote attacks. The lawsuit seeks to ban NSO Group from using Apple’s products and services, along with compensation for violating U.S. federal and state law by targeting and attacking Apple and its users.

NSO: Helping or Hurting Cybersecurity?

At its core, the lawsuit rhetorically asks whether NSO's activities make the world safer, as its low-profile founder Shalev Hulio claimed in a March 2019 interview on the television show 60 Minutes, or whether its cyber surveillance warfare obliterates digital privacy and cultivates political suppression. How far does cybersecurity extend?

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability,” said Craig Federighi, Apple’s software engineering senior vice president. “That needs to change,” he said.

In a statement, NSO said that its “lawful” tools are used to help governments fight “pedophiles and terrorists [who] can freely operate in technological safe-havens.” However, its critics argue that it does much more nefarious work with Pegasus. While NSO claims its software helps governments and law enforcement fight terrorism, the company reportedly sells its technology to dictators and human rights abusers, including the United Arab Emirates, Saudi Arabia and others.

Additional Concerns About NSO

Apple is not alone in coming after NSO. In a lawsuit brought a year ago by WhatsApp against NSO, a host of tech giants, including Cisco, GitHub, Google, LinkedIn, Microsoft, VMware and the Internet Association, filed an amicus brief in support of the messaging service provider. In late November, the Biden administration took the unusual step of placing NSO on the U.S. Commerce Department's trade blacklist.

NSO is also said to be among a growing list of private-sector offensive actors (PSOAs) that are developing and selling cyber weaponry, Tom Burt, Microsoft corporate vice president of customer security and trust, wrote in a blog post in December 2020.

"Private-sector companies creating these weapons are not subject to the same constraints as governments," Burt wrote. "Many governments with offensive cyber capabilities are subject to international laws, diplomatic consequences and the need to protect their own citizens and economic interests from the indiscriminate use of these weapons."

Until recently, NSO was known mostly among the discreet cybersecurity community for its ability to crack into encrypted Apple iPhones. It was an issue that took center stage when the FBI and Justice Department locked horns with Apple over the vendor's refusal to help law enforcement break into the iPhones used in the San Bernardino, California, terrorist mass shooting in 2015.

D. Howard Kass

D. Howard Kass is a contributing editor to MSSP Alert. He brings a career in journalism and market research to the role. He has served as CRN News Editor, Dataquest Channel Analyst, and West Coast Senior Contributing Editor at Channelnomics. As the CEO of The Viewpoint Group, he led groundbreaking market research.