Apple sues Israeli tech group behind Pegasus spyware

24 Nov 2021


The tech giant is taking legal action against an Israeli spyware firm and pledging at least $10m to cybersurveillance research.

Apple is suing the tech group behind the Pegasus spyware in a bid to “hold it accountable for the surveillance and targeting of Apple users”.

The iPhone maker yesterday (23 November) filed a lawsuit against NSO Group and its parent company in a California court, alleging that the group illegally targeted Apple devices with its Pegasus software.

Apple is now seeking a permanent injunction to ban the group from using any Apple software, services or devices.

Israel’s NSO Group develops surveillance technology that can be used to track targeted iOS and Android users. It claims its products are used by government intelligence and law enforcement agencies to prevent and investigate serious crime and terror incidents.

But the group made headlines earlier this year when an investigation claimed the Pegasus spyware was abused and used to target journalists, activists and government officials.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice-president of software engineering.

“Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous.”

Apple said that the spyware was used to “attack a small number” of its users worldwide.

Pegasus spyware

The Pegasus spyware can infect the phones of targets through a variety of mechanisms, such as a message that provides a link to a website. If clicked, this link delivers malware to the device.

In its legal complaint, Apple claimed to provide new information on ForcedEntry, a now-patched vulnerability that had been used to infect Apple devices with the Pegasus spyware in a ‘zero-click’ exploit.

It alleged that this allowed NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge, allowing access to the microphone, camera and other sensitive data on devices.

This is not the first time concerns have been raised about NSO Group. US officials placed the company on a blacklist earlier this month, saying its software had “enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists”.

A report from MIT Technology Review this week also claimed that French officials were in the final stages of buying Pegasus spyware earlier this year but opted out after claims that French politicians had been targeted.

The Pegasus spyware can infect Android devices too but is reportedly more effective on iOS – even though Apple devices are generally considered more secure than their Android equivalents.

“At Apple, we are always working to defend our users against even the most complex cyberattacks,” said Ivan Krstić, head of security engineering and architecture at Apple.

“The steps we’re taking today will send a clear message: in a free society, it is unacceptable to weaponise powerful state-sponsored spyware against those who seek to make the world a better place.”

Cybersurveillance research

Apple’s suit is seeking damages for NSO Group’s “flagrant violations of US federal and state law arising out of its efforts to target and attack Apple and its users”.

Alongside the legal action, the tech giant announced that it will contribute $10m as well as any damages from the lawsuit to organisations engaging in cybersurveillance research and advocacy.

In particular, it said it would support Citizen Lab, the internet research group that discovered the ForcedEntry exploit, and “other organisations doing critical work in this space”.

“Mercenary spyware firms like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors,” said Ron Deibert, director of Citizen Lab, which is based at the University of Toronto.

“I applaud Apple for holding them accountable for their abuses, and hope in doing so Apple will help to bring justice to all who have been victimised by NSO Group’s reckless behaviour.”

In response to the lawsuit, NSO Group said that “thousands of lives were saved around the world” with its technologies.

“Pedophiles and terrorists can freely operate in technological safe havens, and we provide governments the lawful tools to fight it. NSO Group will continue to advocate for the truth.”


Sarah Harford was sub-editor of Silicon Republic
