Apple on Tuesday sued the Israeli spyware maker at the center of the Pegasus surveillance scandal to prevent the NSO Group from targeting the more than one billion iPhone phones in circulation.
The Silicon Valley giant’s lawsuit adds to the problems faced by the embattled NSO, which has been embroiled in controversy over reports that tens of thousands of activists, journalists and politicians have been listed as potential targets for its Pegasus spyware.
The US authorities only blacklisted NSO a few weeks ago in order to restrict exports by American groups because the Israeli company had “enabled foreign governments to carry out transnational repression”.
“To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to prohibit the NSO Group from using Apple software, services or devices,” Apple said in a statement accompanying the lawsuit in the US federal court in California.
“The defendants are notorious hackers – amoral mercenaries of the 21st century.
NSO has consistently denied any wrongdoing, insisting that its software is only for use by government agencies to combat terrorism and other crimes.
“Pedophiles and terrorists can operate freely in technological safe havens, and we are providing governments with legitimate tools to combat them. The NSO group will continue to advocate the truth,” the company said in a statement to AFP.
Smartphones infected with Pegasus essentially become pocket espionage devices, allowing the user to read the target’s messages, peruse their photos, track their location, and even turn on their camera without their realizing it.
According to Apple, there are 1.65 billion active Apple devices worldwide, including over a billion iPhone devices.
Apple’s lawsuit isn’t the first by a big tech company – Facebook sued the NSO Group in 2019, accusing them of using WhatsApp messenger to cyber espionage against journalists, human rights activists, and others.
This lawsuit, which was filed in a California federal court, alleged that around 1,400 devices were attacked with malware in order to steal valuable information from users of the messaging app.
“This can’t be good news for NSO, which is reportedly with over $ 500 million in debt (approx. US sanctions),” said Jake Williams of cybersecurity firm BreachQuest.
After initial concerns about Pegasus, another wave of worries surfaced when Apple released a fix in September for a vulnerability that allowed NSO’s spyware to infect devices without users clicking a malicious message or link.
The so-called “zero-click” attack is able to silently corrupt the target device and was identified by researchers at Citizen Lab, a cybersecurity surveillance organization in Canada.
Apple said Tuesday that it is notifying the “small number” of users it has determined may have been targeted by these types of attacks.
“Mercenary spyware firms like the NSO Group have enabled some of the world’s worst human rights abuses and transnational repression, and enriched themselves and their investors,” said Ron Deibert, director of the Citizen Lab.