Apple sued NSO Group, an Israeli company that offers software to government organizations and law enforcement agencies that allows them to hack iPhones and access their contents, including texts and other communications, on Tuesday.
Amnesty International reported earlier this year that it had uncovered recent-model iPhones infected with NSO Group spyware named Pegasus that belonged to journalists and human rights attorneys. Apple is attempting to obtain a permanent injunction prohibiting NSO Group from utilizing Apple software, services, or devices. It’s also asking for more than $75,000 in damages. The case serves as a warning to other spyware companies, according to Apple. “In a free society, it is unacceptable to weaponize strong state-sponsored spyware against innocent people and those who wish to make the world a better place,” Apple’s chief of security engineering and architecture, Ivan Krstic, wrote in a tweet. Apple claims that NSO Group software allows “attacks, including from sovereign governments that pay hundreds of millions of dollars to target and attack a tiny fraction of users with information of particular interest to NSO’s customers,” and that it is not “ordinary consumer malware” in a lawsuit filed in federal court in the Northern District of California.
Apple also announced on Tuesday that it has fixed the holes that allowed the NSO Group software to gain access to sensitive data on iPhones using “zero-click” attacks, in which malware is distributed via text message and leaves no evidence of infection. According to Apple’s lawsuit, Pegasus users may remotely monitor an iPhone owner’s activity, gather emails, text messages, and browser history, and access the device’s microphone and camera.
Apple stated that the attacks were limited to a small number of customers and that it will notify iPhone owners who may have been affected by the Pegasus malware on Tuesday. According to Apple, the NSO Group fabricated Apple ID accounts and breached the iCloud terms of service to operate its spyware. NSO Group is suspected of creating spyware with “0day” defects, or holes that Apple has yet to cure. When Apple resolves an attack, it ceases to be a zero-day vulnerability, and consumers can protect themselves by updating their iPhone software. Amnesty International announced earlier this year that it had discovered evidence of a hacked iPhone 12 and got a leaked list of 50,000 phone numbers targeted by NSO Group spyware. Jamal Khashoggi, a Washington Post contributor who was assassinated in Turkey by killers working for Saudi Arabia, is said to have had NSO Group software installed on his family and friends.
NSO Group malware was also identified on the iPhones of a French human rights lawyer, a French activist, an Indian journalist, and a Rwandan activist, according to Amnesty International. NSO Group was placed on a blacklist by the US Commerce Department earlier this month, preventing it from using American technology in its activities. Meta, formerly known as Facebook, is also suing NSO Group, saying that it assisted in the hacking of Meta subsidiary WhatsApp users.
Apple said it will donate $10 million to charities that fight digital spying, as well as any damages from the lawsuit. “Through the employment of NSO Group’s solutions by its customers, thousands of lives have been saved throughout the world,” an NSO Group spokeswoman said in a statement. “Pedophiles and terrorists can operate freely in technical safe-havens, and we equip countries with legal instruments to combat this.” The NSO Group will keep fighting for the truth.
