NSO. Why is Apple so Concerned?

7 July, 2022 | 3 minutes to read

Yesterday, Apple announced it is devising a technology that gives specialized additional protection to users who may be at risk of highly targeted cyberattacks.

The company has introduced the so-called "Lockdown Mode", which will offer optional protection for a small number of users who may face grave, targeted threats to their digital security.

Apple positions this update, which will be available on iOS 16, iPadOS 16, and macOS Ventura, as a groundbreaking capability. The company realises that only a small number of users are likely to use this mode, but remains committed to protecting every client.

Apple went on to explain that Lockdown Mode is intended to protect users from very sophisticated digital threats such as those designed by the Israeli technology firm NSO Group.

"Lockdown Mode offers an extreme, optional level of security for the very few users who, because of who they are or what they do, may be personally targeted by some of the most sophisticated digital threats, such as those from NSO Group and other private companies developing state-sponsored mercenary spyware," reads Apple's website.

So, why is Apple so concerned with NSO? We break this down for you.

What is NSO?

NSO Group is an Israeli IT firm primarily known for its spyware Pegasus. The program can infect a target’s phone via just a text message and then start sending back data, including photos, messages, and audio / video recordings.

NSO Group has always presented it as a crucial tool for government security agencies seeking to identify and trace criminals. However, it was soon revealed that many governments abused Pegasus and targeted opposition journalists and human rights activists.

In 2021, a coalition of news outlets, including The Washington Post, Le Monde, and The Guardian, published a big investigation dubbed "The Pegasus Project", in which they revealed how exactly the spyware was used by governments around the world. The project was led by Forbidden Stories, an organization of journalists that works on stories after the original reporters have been silenced in some way.

The consortium based its investigation on a massive leak of more than 50,000 phone numbers selected for surveillance by the customers of NSO Group. The leaked data showed that at least 180 journalists had been selected as targets in countries like India, Mexico, Hungary, Morocco and France, among others. Potential targets also include human rights defenders, academics, businesspeople, lawyers, doctors, union leaders, diplomats, politicians and several heads of state. The founder of Telegram, Pavel Durov, was also on the list.

One of the key takeaways of the investigation was that iPhones were not as secure as many thought them to be. In the article summarising the investigation, The Washington Post positions the iPhone's vulnerability at the top of its list of takeaways. The article runs as follows:

The discovery on a list of phone numbers of 37 smartphones that had been either penetrated or attacked with Pegasus spyware fuels the debate over whether Apple has done enough to ensure the security of its devices, popular the world over for their reputation for resisting hacking attempts. Thirty-four of the 37 were iPhones,

Following the investigation, Apple tried to fix the flaws in the iMessage system that were exploited by NSO's Pegasus. Now the company is taking another step to protect its users.

Can Lockdown Mode really help you?

So, how can the "Lockdown Mode" protect one from a program like NSO's Pegasus? On its website, Apple provided a list of protections the mode will include at its launch:

  • Messages: Most message attachment types other than images are blocked. Some features, like link previews, are disabled.
  • Web browsing: Certain complex web technologies, like just-in-time (JIT) JavaScript compilation, are disabled unless the user excludes a trusted site from Lockdown Mode.
  • Apple services: Incoming invitations and service requests, including FaceTime calls, are blocked if the user has not previously sent the initiator a call or request.
  • Wired connections with a computer or accessory are blocked when iPhone is locked.
  • Configuration profiles cannot be installed, and the device cannot enroll into mobile device management (MDM), while Lockdown Mode is turned on.

All these protections aim to prevent strangers from sending fake links that a user can tap, thereby infecting their smartphone. The last point also increases the security of the system in general, protecting it from possible hacks. Overall, this list seems to cover all the possible ways Pegasus can infect an iPhone. However, it is still the user's own responsibility to remain wary when opening messages or e-mails that can potentially contain spyware.

Apple plans to keep developing Lockdown Mode in the future and will probably add more features as NSO and other companies continue to develop spyware in their turn.
