Apple iPhone users got a rude shock earlier this year on knowing how NSO Group’s Pegasus spyware successfully snooped on iPhones of activists, lawyers and journalists. The general perception that iPhones can’t be ‘hacked’ was challenged. It became a public relations nightmare for Apple in defending terms like “most secured” and “Privacy is built in” on marketing brochures for iPhones.
Pegasus spyware exploited several vulnerabilities to carry out “zero-click” attacks on iPhones with the latest software to steal personal information like contacts, voice recordings, images, SMS and more. And it was only after Amnesty International and Citizen Lab published a report on the same that the information became public.
Apple had to act quickly to fix the privacy issue and also its image. The Cupertino-based tech giant, within a couple of months, rolled out iOS 14.8 update to patch the vulnerabilities and prevent Pegasus from exploiting the known vulnerabilities. Apple described the update as a security fix for vulnerabilities that “may have been actively exploited in the wild.” Back then, it did not name Pegasus or it’s creator NSO Group. Now, Apple is suing NSO Group, so that Pegasus or other spywares made by NSO Group can’t breach the iOS walls again.
What is Apple doing to make sure Pegasus can’t spy on iPhones again
Apple has filed a lawsuit against NSO Group and its parent company to hold it accountable for the surveillance and targeting of Apple users. Apple is not the first company to sue NSO Group. In fact, Facebook (now Meta), has already taken NSO Group to court for breaching privacy on WhatsApp. This was also supported by Google and Microsoft.
While the lawsuit is primarily aimed at holding NSO Group responsible, Apple is also “seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.” If the lawsuit is ruled in favour of Apple then NSO Group should ideally not have access to the Apple ecosystem officially.
Apple explains how Pegasus may have attacked iPhones
Apple provided new information on how NSO Group used its FORCEDENTRY exploit to break the security of Apple devices. The exploit is now patched. To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge. Apple claims that its servers were not hacked or compromised in the attacks.
Apple said that the new iOS 15 software for iPhones includes a number of new security protections, including significant upgrades to the BlastDoor security mechanism. Apple uses pointer authentication codes (PAC), BlastDoor, and the Page Protection Layer (PPL) to protect users against these “sophisticated attacks”.
“While NSO Group spyware continues to evolve, Apple has not observed any evidence of successful remote attacks against devices running iOS 15 and later versions,” said Apple. The company also urged all users to update their iPhone.
Read all the Latest News, Breaking News and Coronavirus News here. Follow us on Facebook, Twitter and Telegram.