Apple sues Israeli spyware maker NSO Group and its parent company Q Cyber ”for holding it responsible for monitoring and targeting Apple users” and seeks a permanent injunction banning NSO Group from using Apple devices, software and services, reports officials.
The lawsuit is aimed directly at NSO Group’s core business, which creates sophisticated surveillance technology that allows its users to spy on target devices. Amnesty International reported earlier this year on attacks launched by NSO Group customers on iPhones that potentially affect thousands of Apple users – including activists, journalists and politicians – with their spyware.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of software engineering, in a statement.
NGO Group’s software is “far more insidious and often very sophisticated” compared to regular consumer malware, Apple writes in its complaint. It enables individuals with good resources, such as sovereign governments, to pay hundreds of millions of dollars to target a small amount of people with information of particular interest to the NSO Group customer who targets them.
These malicious activities “have harmed Apple products, harmed Apple users, and harmed Apple business and goodwill,” the complaint said. NSO Group’s products have required the company to spend “thousands of hours” investigating the attacks, identifying the damage caused, determining the extent of the exploitation and developing all the necessary repairs and patches.
Apple will seek compensation for damages incurred during the processing of these attacks, it said in its complaint. The amount will be proven during the trial.
The company’s legal complaint includes details about FORCEDENTRY, a zero-click exploit targeting a now-patched vulnerability that was previously used to hack into Apple devices and install the latest version of NSO Group’s spyware, Pegasus. FORCEDENTRY was first discovered in March by the University of Toronto’s Citizen Lab.
Furthermore, the complaint states that NSO Group and Q Cyber have created at least 100 Apple IDs to use to implement the exploitation. They used their computers to contact Apple servers in the United States and abroad to identify other Apple devices. The defendants then sent abuse data, which they created through Apple servers to target phones using the iMessage service. This enabled the NSO Group and its customers to install Pegasus spyware without the victim’s knowledge.
In addition to requesting a permanent ban that would prevent the defendant from accessing and using Apple servers, devices, hardware, software and applications, Apple is also requesting a permanent ban that requires the defendant to identify the location of data obtained from its users’ devices, hardware, software and applications, and delete that data. It also requests an injunction restraining the defendants from developing and using spyware on its products.
Apple says that only a small number of users may have been targeted with FORCEDENTRY, and it notifies them as well as other users who may be affected by activity in accordance with a state-sponsored attack in the future.
The company plans to contribute $ 10 million, as well as any damages from the lawsuit, to organizations pursuing cyber-surveillance and advocacy, Apple officials said in a statement.
The news of the lawsuit comes weeks after the U.S. Department of Commerce blacklisted the NSO Group, along with three other organizations, for “participating in activities that are contrary to U.S. national security or foreign policy interests.” The NSO Group was blacklisted based on evidence that it developed and delivered spyware to foreign governments, which used it to target officials, journalists, business people, academics and embassy workers.
The NSO group’s activity could jeopardize its relations with other governments, new reports show. A report by the MIT Technology Review states that this summer, when the NSO Group was accused of attacking French President Emmanuel Macron, French officials were in negotiations to buy Pegasus spyware. Sources say the process was dissolved after learning that French officials may have been targeted.
Then the United States sanctioned the NSO Group, and it has reportedly been difficult for the company to improve things. The report states that the situation has led to low morale and a “serious doubt” about the future of the company if it is not removed from the US blacklist.