Apple sues NSO Group, the Pegasus spyware maker

Apple says it aims to "curb the abuse of state-sponsored spyware".

NSO Group HQ

On Tuesday, Apple filed a lawsuit against NSO Group and its parent company. The Cupertino iDevice giant’s complaint against the Israel-based cybersecurity outfit was that the NSO Group has infected innocent citizens’ devices with its Pegasus spyware. Apple doesn’t want this type of suspicious activity going on in the background for its products, and is thus seeking “a permanent injunction to ban NSO Group from using any Apple software, services, or devices.”

In a press release about the legal action, Apple described NSO Group’s core offer as the creation of “sophisticated, state-sponsored surveillance technology that allows its highly targeted spyware to surveil its victims.” The problem is that while NSO-facilitated attacks are aimed at just a very small number of users they impact many more people, across multiple platforms, and there is a history of NSO Group wares being abused by not just the governments/organisations who have paid for it but by various other parties. Even if it didn’t get into other nefarious sets of hands, some governments will use this kind of spyware to target journalists, activists, dissidents, academics, and government officials.

Apple takes aim at ‘state-sponsored’ actors

Craig Federighi, Apple’s SVP of Software Engineering, put his view forward on the threats to innocent parties posed by wares from the NSO Group. “State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability,” noted Federighi. “That needs to change.”

The latest method that NSO has been using to secretly install Pegasus on Apple devices is dubbed “ForcedEntry”. Apple is pleased to observe that there have been no breaches of devices running iOS15 or newer, but it devotes significant resources in finding vulnerabilities, monitoring new threats, and defending users from cyberattacks. Apple has started notifying users it sees targeted by NSO’s ForcedEntry.

Wrapping up, Apple hopes that the lawsuit will highlight “NSO Group’s flagrant violations of US federal and state law, arising out of its efforts to target and attack Apple and its users,” and will result in action being taken by legal/governmental powers.

The Verge notes that NSO was recently added to the US Entity List, which limits the ways US-registered companies can sell or provide their technology to the company. This change has apparently already had a serious impact on NSO’s business.

To further demonstrate its benevolence, not just Apple device users but the public in general with regard to the fundamental right to privacy, Apple has just announced it will be contributing US$10 million to support cyber surveillance researchers and advocates.