Apple’s legal complaint provides new information on NSO Group’s
FORCEDENTRY, an exploit for a now-patched vulnerability previously
used to break into a victim’s Apple device and install the latest
version of NSO Group’s spyware product, Pegasus. The exploit was
originally identified by the Citizen Lab, a research group at the
University of Toronto. [...]
NSO Group and its clients devote the immense resources and
capabilities of nation-states to conduct highly targeted
cyberattacks, allowing them to access the microphone, camera, and
other sensitive data on Apple and Android devices. To deliver
FORCEDENTRY to Apple devices, attackers created Apple IDs to send
malicious data to a victim’s device — allowing NSO Group or its
clients to deliver and install Pegasus spyware without a victim’s
knowledge. Though misused to deliver FORCEDENTRY, Apple servers
were not hacked or compromised in the attacks.
A couple of things are interesting about this. First, Apple repeatedly refers to the “FORCEDENTRY” exploit by name. This is not PR bullshit — they’re talking about a very specific exploit. Second, they refer to Android as their compatriot, not their competitor. There’s a time and place for Apple to brag about iOS being more secure than Android, but this isn’t it. The message here: “This isn’t just about us, NSO Group is after everyone.”
Lastly, the phrase “the immense resources and capabilities of nation-states”. This is Apple hammering home the fact that deliberate backdoors would be exploited. They’re up against countries with, effectively, infinite money and resources to find and exploit accidental vulnerabilities. If there were deliberate backdoors, the game would be over before it started.
Apple commends groups like the Citizen Lab and Amnesty Tech for
their groundbreaking work to identify cybersurveillance abuses and
help protect victims. To further strengthen efforts like these,
Apple will be contributing $10 million, as well as any damages
from the lawsuit, to organizations pursuing cybersurveillance
research and advocacy.
The New York Times story on this mentioned that Apple would be donating any damages from the lawsuit, if they win. It’s a nice touch that they’re donating $10 million no matter what happens in court. Citizen Lab and Amnesty Tech did crackerjack work exposing this exploit.
Apple is notifying the small number of users that it discovered
may have been targeted by FORCEDENTRY. Any time Apple discovers
activity consistent with a state-sponsored spyware attack, Apple
will notify the affected users in accordance with industry best
★ Tuesday, 23 November 2021