Apple on Tuesday announced that it had filed suit against NSO Group, the firm that sells the Pegasus spyware tool known to be used by governments to hack iPhones used by activists, journalists, and criminals.
Pegasus is NSO Group’s best-known spyware tool, which the company claims was intended to be used against criminal activity but has instead been used against innocent groups and individuals. Apple filed a lawsuit on Tuesday against both the group and its parent company in an effort to prevent the NSO Group from continuing to provide Pegasus to its customers.
In the announcement, Apple revealed that it is notifying the “small number of users” who have been targeted via the FORCEDENTRY exploit for a now-patched vulnerability that allowed Pegasus to be installed on their devices. Apple also announced that it will also notify users that it believes have been targeted by state-sponsored spyware attacks “in accordance with industry best practices.”
Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers.
Apple threat notifications are designed to inform and assist users who may have been targeted by state-sponsored attackers. These users are individually targeted because of who they are or what they do. Unlike traditional cybercriminals, state-sponsored attackers apply exceptional resources to target a very small number of specific individuals and their devices, which makes these attacks much harder to detect and prevent. State-sponsored attacks are highly complex, cost millions of dollars to develop, and often have a short shelf life. The vast majority of users will never be targeted by such attacks.
If Apple discovers activity consistent with a state-sponsored attack, we notify the targeted users in two ways:
- A Threat Notification is displayed at the top of the page after the user signs into appleid.apple.com.
- Apple sends an email and iMessage notification to the email addresses and phone numbers associated with the user’s Apple ID.
These notifications provide additional steps that notified users can take to help protect their devices.
Apple will notify affected users via email and iMessage notifications to the email addresses and phone numbers associated with a user’s Apple ID. The notifications will also provide steps that users can take to protect their devices. The Cupertino firm will place a prominent “Threat Notification” banner at the top of the page when an affected user logs into their Apple ID accounts on the Apple ID web portal.
Apple advises all users to take the following steps to secure their devices:
- Update devices to the latest software, as that includes the latest security fixes
- Protect devices with a passcode
- Use two-factor authentication and a strong password for Apple ID
- Install apps from the App Store
- Use strong and unique passwords online
- Don’t click on links or attachments from unknown senders
Apple is also sharing a list of emergency resources at the Consumer Reports Security Planner website for those users who have not received an Apple threat notification but believe they may have been targeted by state-sponsored attackers to obtain expert assistance.