A real thunderclap, after months of timid wait and see. Apple has just announced, in a press release, to launch a legal battle in the United States against NSO Group. Blacklisted by the United States, the Israeli company publishes the infamous Pegasus spyware, which allows state actors to monitor and spy on iPhone users.
This fight, seemingly simple, and already initiated by WhatsApp for similar reasons, is nevertheless colossal, even if NSO Group is the target of a parliamentary inquiry conceded by the Israeli state in the face of international pressure. But Apple’s objective seems to go further since it is against spyware financed by the States that it is going on a crusade.
A declaration of war
“Actors like the state-backed NSO Group are spending millions of dollars on sophisticated surveillance technology without being held accountable. That must change “says Craig Federighi, senior vice president of software engineering for Apple.
And to continue by declining a well-known antiphon, adding a new touch to it : “Apple devices are the most secure consumer products on the market – but private companies that develop spyware under state protection have become even more dangerous. Although these cyber security threats affect only a small number of our users, we take any attack against our users very seriously, and we are constantly working to strengthen the security and protections of private data in iOS to keep our users safe. the shelter. “
This is why Apple asks, among other things, the American justice system to prohibit Israeli society from accessing all of the group’s devices and services.
Community efforts and support
In a long press release, the Cupertino giant recalls that it is not sparing its efforts, introducing innovative protections both in its software and in its chips. We can even read, which costs nothing, that Apple “Conducts one of the most advanced engineering and safety operations in the world”. But faced with the means of state actors, Apple has decided to go further and put its weight in the balance.
The Cupertino giant will thus contribute $ 10 million to the efforts of Citizen Lab and Amnesty Tech, which have made it possible to identify the most recent uses of Pegasus. It will also cover possible damages related to legal action for organizations that conduct cybersurveillance research in this area.
Also to discover in video:
In addition, Apple will provide Citizen Lab, part of the University of Toronto, with assistance with technical information, threat data or even outright engineering. A game of transparency and aid which aims to help these actors in their independent research mission. Tim Cook’s teams also announce that, on a case-by-case basis and when relevant, they will offer the same support to other organizations working in the area of cybersecurity.
After what seems from the outside a long silence, this new resolution seems however to be the only possible way for Apple. Hard to help but collaborate and help security researchers, white hats, when NSO Group hackers managed to find loopholes and create tools that worked even on the latest iOS updates. Proof that the work of Apple, alone, however efficient its teams, was not enough.
Towards a new relationship with the security research community?
We can obviously only welcome this legal action and these funds provided to serve a just cause. But it is also hoped that this double movement will also lead to an overhaul of the relationship between Apple and the community of security researchers. A relationship, which is often strained, and not as effective as it can get. Apple has often been accused in the past of not taking the threats and loopholes presented to it seriously.
Is Apple’s reaction time a consequence? Hard to say. One thing is certain, it took a long time for the giant Apple to react. NSO Group tools, like Pegasus, which targets the iPhone, but also Android, have been talking about them since 2016, at least.
Finally, if the two cases are independent, it is also interesting to note that Apple may not have much choice for another reason. It had to act when its spokespersons reminded more and often that iOS is a closed system for the safety of its users. An argument put forward recently to underline the dangers incurred by all users if the sideloading, downloading applications from stores other than the App Store, had to be authorized by a judge or the law. How indeed could Apple want to keep a closed model to maintain the best possible security, without reacting to violations, targeted, of course, but real?
If the decisions are undoubtedly or perhaps not linked, in any case they serve the same double cause: that of the security of iPhone users, in the short term, and that of the fight against the spyware used by states to our detriment. It is therefore difficult to complain about the arrival of a heavyweight, such as Apple, in the arena.