Apple sues spyware maker NSO Group
Catalin Cimpanu November 23, 2021

Apple sues spyware maker NSO Group

Apple sues spyware maker NSO Group

Apple announced earlier today that it filed a lawsuit against NSO Group, the Israeli company behind Pegasus, a powerful spyware and surveillance platform capable of infecting and taking over even the most secure and up-to-date iPhones.

Apple cited the repeated abuse of this tool to breach and spy on innocent victims by oppressive regimes.

“Researchers and journalists have publicly documented a history of this spyware being abused to target journalists, activists, dissidents, academics, and government officials,” the OS maker said in a press release today.

According to court documents [sourcearchive], Apple is now seeking a court injunction against NSO Group, asking a judge to ban the company from using its devices and software.

In legal terms, the injunction would effectively prevent NSO from deploying the Pegasus spyware on new Apple devices and would also block NSO employees from updating the spyware to support new iOS releases.

Apple is the second major tech company that has sued the NSO Group in a US court. In October 2019, Facebook (now rebranded as Meta) had also sued the Israeli spyware maker for creating and using a WhatsApp zero-day in May 2019.

Just like in Apple’s lawsuit today, Facebook said the NSO Group sold the zero-day to questionable customers who then abused it to hack into the devices of seemingly innocent people, like attorneys, journalists, human rights activists, political dissidents, diplomats, and government officials, as part of a broad surveillance operation.

In Apple’s case, the OS maker cited a recent iOS zero-day named FORCEDENTRY that the NSO Group developed earlier this year.

Citizen Lab report claims the iOS zero-day appears to have sold to a Bahrain government client, which then abused it to hack dissidents, bloggers, and political rivals.

“Mercenary spyware firms like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors,” said Ron Deibert, director of the Citizen Lab at the University of Toronto.

“I applaud Apple for holding them accountable for their abuses, and hope in doing so Apple will help to bring justice to all who have been victimized by NSO Group’s reckless behavior.”

Apple to donate $10 million and lawsuit winnings

In addition, Apple said it would be donating $10 million, as well as any damages from the lawsuit, to organizations conducting research on cyber-surveillance tools.

Because Citizen Lab exposed most of the spying campaigns conducted with NSO’s Pegasus spyware, Apple said it would also be providing pro-bono support to the research laboratory, which operates at the Munk School of Global Affairs & Public Policy, at the University of Toronto.

Reached out for comment, the NSO Group provided the following statement:

“Thousands of lives were saved around the world thanks to NSO Group’s technologies used by its customers. Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO group will continue to advocate for the truth.”

Is Apple being opportunistic?

The Apple lawsuit also comes after the US government also dealt a blow to the Israeli company last month when it sanctioned its operations, effectively preventing US companies from engaging with NSO.

According to a report published today, hours before the lawsuit became public, the sanctions caused a deep crisis at the Israeli company, now on the verge of shuttering.

“To me, Apple’s announcement is very opportunistic and looks more like a campaign to cuddle and get on the good side of the research community (i.e. contributing 10 million USD plus any damages from the lawsuit),” Stefan Soesanto, Senior Cyber Defence Researcher at the Center for Security Studies at the Swiss Federal Institute of Technology (ETH) in Zurich, told The Record.

“Meta/Whatsapp did all the heavy lifting with their ongoing NSO lawsuit, the US government blacklisted NSO earlier this month, and now Apple is swooping in to collect on the low-hanging fruits.

“Overall, I think this is more about Apple trying to polish and redirect the narrative on its security and privacy shortcomings than about NSO,” Soesanto added.

Article updated with NSO Group statement.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.