Pegasus Apple iPhone Spyware Leads to Litigation

Apple has filed a lawsuit against NSO Group relating to their installation of Pegasus spyware on Apple users’ devices. Apple wishes to hold NSO Group accountable for their surveillance of users.

Apple has taken the significant step to begin notifying individuals about the threat of state-sponsored attacks on their accounts and devices. Apple is suing NSO Group and its parent company to attempt to hold them accountable for surveillance of Apple users. Their lawsuit, filed November 23, 2021, seeks an injunction to ban NSO Group permanently from using any Apple software, services, or devices. It comes after NSO Group has been shown to have infected Apple users’ devices with Pegasus spyware.

Apple’s Actions to Notify Impacted Users

Apple threat notifications are intended to provide warnings to individuals who may have been targeted by state-sponsored attacks. They use two different methods to notify the user through their account. When logging into appleid.apple.com, there will be a Threat Notification displayed at the top of the page. Additionally, the user will receive an email and an iMessage notification to the email addresses and phone numbers associated with their Apple ID account. The notifications offer advice on the steps that they can take to improve their security and protect their devices and personal information.

In a press release, Apple’s senior vice president of Software Engineering, Craig Federighi, said, “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change.”

NSO Group Allegations

The legal complaint from Apple reveals new information about the activities of NSO Group. It highlights FORCEDENTRY, which exploited a former vulnerability to gain access to Apple devices and install the NSO Group’s spyware Pegasus. The lawsuit from Apple intends to both ban NSO Group from having access to Apple products and services and to seek action on the violation of federal and state law by the NSO Group.

WhatsApp Similar Litigation

In 2019, WhatsApp also brought a court case aiming to hold NSO Group accountable for distributing their spyware through the app. A group of other tech companies, including Google and Microsoft, lent their official support to WhatsApp to encourage the ​​United States Court of Appeals for the Ninth Circuit to hold NSO Group accountable.

Apple responds by funding Cyber Threat Research

Apple has also announced a $10 million contribution in support of cyber-surveillance researchers and advocates. Any damages from the lawsuit have also been pledged to organizations in these areas. Apple is also supporting Citizen Lab, a research group at the University of Toronto that originally discovered the exploit that NSO Group used, by providing technical, threat intelligence, and engineering assistance at no charge. They will also provide assistance to other organizations doing work in the same field, where appropriate.

Ron Deibert, director of the Citizen Lab at the University of Toronto said, “Mercenary spyware firms like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors. I applaud Apple for holding them accountable for their abuses, and hope in doing so Apple will help to bring justice to all who have been victimized by NSO Group’s reckless behavior.”In response to the complaint, NSO Group replied, “Thousands of lives were saved around the world thanks to NSO Group’s technologies used by its customers”. They said, “Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments with the lawful tools to fight [them]. NSO group will continue to advocate for the truth.”

Related Posts

Cell Phone Privacy – San Bernardino
Cell Phone and Social Media Forensics

What Constitutes Biometric Data?

Facebook’s record-breaking $5 billion settlement, proves the FTC takes consumer privacy very seriously. Will Facebook’s settlement spark other class-action lawsuits based on claims of privacy abuse relating to the Biometric Information Privacy Act (BIPA)? Forensic Expert Lee Neubecker and attorney David Rownd from Vedder Price discuss the ramifications of this settlement and dissect what really constitutes biometric data?

Part 2 of our 3 Part Series on BIPA

The Video Transcript Follows.

Lee Neubecker (LN): I am back again with David Rownd, and David’s going to talk a little bit more about BIPA. We’re talking about in the news recently, Facebook just reached a very large settlement related to claims of abuse relating to BIPA. What does this mean with such a large settlement? Is this inviting all the plaintiff attorneys to file more and more class-action lawsuits?

David Rownd (DR): Well, this has been a very active area of the law, and yes, the answer is yes. There’s a lot of class actions going on in this area, and it’s largely as a result of the low threshold to become a plaintiff in that you don’t have to establish specific damages, and the mere fact that the law has been violated can make you an aggrieved party who has the standing to file a lawsuit.

LN: Just so we can be clear, can you give some examples of what constitutes BIPA biometric data and what isn’t?

DR: Well, fingerprints are biometric data, a retina scanner, the veins in your hands can be evaluated as biometric data, and other things as well.

LN: What about the way you walk or the way you talk?

DR: Their voice recognition has been considered to be biometric data. Handwriting is not biometric data.

LN: So, devices like Siri and Alexa, is there a potential they’re going to fall into that?

DR: I think that that is certainly a possibility.

LN: So are we going to have to sign a contract before we use Alexa or Siri to protect, for them to be protected?

DR: I wouldn’t propose to advise Siri and Alexa as to how to conduct their business.

LN: Very good answer.

DR: I think that there is a possibility, certainly.

LN: So what do you think the future holds for BIPA-related lawsuits?

DR: Well, this is certainly an opening for plaintiffs lawyers to go after, and you see this in a variety of different areas where the law creates a low threshold to get in the courthouse door and potentially high exposure for defendants. You have plaintiffs lawyers who are attracted to that and they go after it, and that’s currently what’s happening now with BIPA in Illinois and why there are so many lawsuits filed.

LN: And I think it relates to, the fees are based on each instance of biometric data, so potentially you have multiple videos, multiple pictures, this data is stored, and if you can be aggrieved without the data even getting hacked, it’s a very large potential, which is probably why Facebook settled because what it could be much greater. And they probably weighed their risk and decided it made sense to settle.

DR: I think that’s probably right.

LN: Well, thanks again for being on the show, I really appreciate it.

DR: All right, thanks for having me.

View Part 1 of our 3-Part Series on Biometric Data

Part 1 of our 3-Part Series on Biometric Information

Other Related Articles on Biometric Data

FTC’s Press Release on Facebook’s settlement on Biometric Data

https://www.ftc.gov/news-events/press-releases/2019/07/ftc-imposes-5-billion-penalty-sweeping-new-privacy-restrictions

If you live in Illinois and use Facebook read this story from WGN, about Biometric Data.

https://wgntv.com/2020/01/30/facebook-may-pay-550-million-to-illinois-users-to-settle-lawsuit/