Apple has filed a lawsuit against NSO Group, the Israeli spyware developer blacklisted by the Biden administration earlier this month, accusing the firm of targeting and surveilling Apple users. The suit, filed Tuesday in a California federal court, seeks to permanently prevent NSO Group from using the Silicon Valley giant’s software, services, or devices.
That could seriously weaken the effectiveness of NSO Group’s spyware product, Pegasus. “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability,” Craig Federighi, Apple’s senior vice president of software engineering, said in a statement about the filing. “That needs to change.”
NSO has been accused of providing the Pegasus spyware to foreign governments that have used it to target the phones of thousands of dissidents, journalists, and human rights advocates. Apple’s suit seeks unspecified damages, which the company said it hopes to donate to organizations focused on exposing spyware.
The Commerce Department earlier this month added NSO Group to its “entity list” — effectively a blacklist designation meaning that no American organization can work with it — due to concerns about the firm’s involvement in malicious cyber activity.
Facebook in 2019 sued NSO Group, accusing it of using WhatsApp to conduct cyberespionage on journalists, human rights activists, and others. That suit, filed in a California federal court, alleged approximately 1,400 devices were targeted with malicious software to steal valuable information from those using the messaging app.
Smartphones infected with Pegasus are essentially turned into pocket spying devices, allowing the user to read the target’s messages, look through their photos, track their location and even turn on their camera without them knowing.
UN experts have called for an international moratorium on the sale of surveillance technology until regulations are implemented to protect human rights following the Pegasus scandal. Following the initial concern over Pegasus, a subsequent wave of worries emerged when iPhone maker Apple released a fix in September for a weakness that can allow the spyware to infect devices without users even clicking on a malicious message or link.
The so-called “zero-click” is able to silently corrupt the targeted device, and was identified by researchers at Citizen Lab, a cybersecurity watchdog organization in Canada. “Mercenary spyware firms like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors,” said Citizen Lab director Ron Deibert.
An investigation by a European rights group published earlier in November found that Pegasus spyware was used to hack the phones of staff of Palestinian civil society groups targeted by Israel. The revelations by Frontline Defenders — backed up by Amnesty International and the University of Toronto’s Citizen Lab — were the latest controversy to develop around the software.
