Apple has filed a lawsuit against NSO Group, an Israeli surveillance company, that developed and distributed spyware called Pegasus. It was used by some governments to access the iPhones of journalists and activists and steal their photos.
In July, it became known that more than 50,000 phone numbers that were mostly owned by journalists, activists, politicians, and business executives were targetted and hacked by several authoritarian governments using spyware known as Pegasus. Developed by NSO Group, it was able to infect a user’s phone and fully access its contents, including photos, while also being able to secretly activate the cameras and record audio and video.
In August, a group of women journalists and activists showed how and why governments did this by hacking into their phones, stealing their private photos, and posting them to social media in an attempt to intimidate and silence them.
Pegasus was able to infect a device from an SMS text, iMessage, through WhatsApp, or even through a range of other vulnerabilities that were yet to be identified. Because it was able to infect iPhones and Android devices through methods that were not known, it was extremely difficult or impossible to prevent infection. As PetaPixel reported, Pegasus can be delivered to a device through what is known as a “zero-click” exploit, which does not require the host to actually click the link to allow it to infect their device as it takes advantage of what was described at the time as a yet undiscovered vulnerability in Apple’s iOS.
Apple is now looking to hold NSO Group accountable for the surveillance and targetting of Apple users through Pegasus, according to the New York Times. Apple alleges that NSO Group has been abusing its products and that it plans to donate the proceeds from the damages it looks to collect as part of the lawsuit to organizations that expose spyware.
Apple also wants to permanently prevent NSO from using any Apple software, services, or devices. If granted, it could render Pegasus software useless and destroy a large portion of the company’s core business.
“This is Apple saying: If you do this, if you weaponize our software against innocent users, researchers, dissidents, activists or journalists, Apple will give you no quarter,” says Apple’s head of security engineering and architecture, Ivan Krstic.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” says Craig Federighi, Apple’s senior vice president of Software Engineering.
“Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”
NSO Group says it sells spyware to Governments only for lawful use, and argues that “thousands of lives were saved around the world thanks to NSO Group’s technologies.”
In addition to Apple’s lawsuit and a similar one from Facebook in 2019 for how the company targetted WhatsApp users (and a California court recently decided to reject NSO’s motion to dismiss Facebook’s lawsuit), NSO Group has additionally been blacklisted by the Biden administration, which prevents any United States-based company from working with NSO. The compounding issues have led to NSO at risk of defaulting on its nearly $500 million in debt, and the company reportedly has severe cash flow issues.
The New York Times says that NSO claims it would investigate any accusations of abuse of its spyware, but the Times shows the company has not stopped governments from continuing to misuse its spyware even if it was made aware of it.
Image credits: Header photo licensed via Depositphotos.