Apple on Tuesday sued the Israeli spyware maker at the centre of the Pegasus surveillance scandal, seeking to block NSO Group from targeting the over one billion iPhone handsets in circulation.
The suit from the Silicon Valley giant adds to the trouble facing embattled NSO, which was engulfed in controversy over reports that tens of thousands of activists, journalists and politicians were listed as potential targets of its Pegasus spyware.
US authorities just weeks ago blacklisted NSO to restrict exports from American groups over allegations the Israel firm “enabled foreign governments to conduct transnational repression.”
“To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices,” Apple said in a statement announcing the lawsuit filed in US federal court in California.
“Defendants are notorious hackers — amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse,” the iPhone maker wrote in its case.
NSO has consistently denied any wrongdoing and insisted its software is intended for use by authorities only in fighting terrorism and other crimes.
“Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO group will continue to advocate for the truth,” the firm said in a statement to AFP.
Smartphones infected with Pegasus are essentially turned into pocket spying devices, allowing the user to read the target’s messages, look through their photos, track their location and even turn on their camera without them knowing.
Apple says there are 1.65 billion active Apple devices worldwide, including over a billion iPhone devices.
The suit from Apple is not the first from a Big Tech firm — Facebook sued NSO Group in 2019, accusing it of using the WhatsApp messenger to conduct cyberespionage on journalists, human rights activists, and others.
That suit, filed in a California federal court, alleged approximately 1,400 devices were targeted with malicious software to steal valuable information from those using the messaging app.
“This can’t be good news for NSO, which is reportedly in danger of default with over $500 million (roughly Rs. 3,730 crore) in debt, a recent leadership shakeup with their CEO, and France pulling out of a planned purchase after the US sanctions,” said Jake Williams from cybersecurity firm BreachQuest.
Following the initial concern over Pegasus, a subsequent wave of worries emerged when Apple released a fix in September for a weakness allowing NSO’s spyware to infect devices without users even clicking on a malicious message or link.
The so-called “zero-click” attack is able to silently corrupt the targeted device, and was identified by researchers at Citizen Lab, a cybersecurity watchdog organisation in Canada.
Apple said Tuesday it is notifying the “small number” of users that it discovered may have been targeted by those types of attacks.
“Mercenary spyware firms like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors,” said Citizen Lab director Ron Deibert.