Apple has joined WhatsApp and Meta in suing the Israeli-based NSO Group over its Pegasus spyware.
The company announced a lawsuit against the NSO Group today in order to “curb the abuse of state-sponsored spyware.” Apple is suing for monetary damages (which were not disclosed in today’s announcement) and is attempting to prevent the NSO Group from using any “Apple software, services, or devices” in the future.
Apple’s sights are set on state-sponsored spyware.
According to Apple’s announcement of this lawsuit today, the NSO Group is responsible for FORCEDENTRY, a zero-click exploit that installs the Pegasus spyware on personal devices by exploiting an integer overflow vulnerability. Apple cites a Citizen Lab report from September as proof that the NSO Group is using Pegasus to spy on “journalists, activists, dissidents, academics, and government officials,” infringing on human rights.
While Apple has patched the vulnerability and claims that Pegasus was only used to attack a “small number” of users, the idea that the NSO Group has been abusing the software to spy on political opponents, journalists, and academics on behalf of Israel is extremely concerning.
“State-sponsored actors, such as the NSO Group, spend millions of dollars on sophisticated surveillance technologies with no accountability.” “That needs to change,” said Craig Federighi, Apple’s SVP of software engineering, in today’s announcement. “While Apple devices are the most secure consumer hardware available, private companies developing state-sponsored spyware have become even more dangerous.” While these cybersecurity threats affect only a small number of our customers, we take any attack on our users very seriously, and we’re constantly working to improve iOS’s security and privacy protections to keep all of our users safe.”
Apple is not alone in its opposition to NSO Group.
This lawsuit appears to be a line in the sand for Apple. “This is Apple’s way of saying: If you do this, if you weaponize our software against innocent users, researchers, dissidents, activists, or journalists, Apple will give you no quarter,” Apple’s head of security engineering and architecture told The New York Times this week.
Apple, WhatsApp, and Meta aren’t the only ones pursuing the NSO Group. Not only did Microsoft, Google, and Cisco support the Meta (then-Facebook) lawsuit against the organization, but these zero-click exploits have also piqued the interest of the US government. According to the New York Times, the Biden administration has blacklisted both NSO Group and another company, Candiru, so no US-based organization can work with either.
Apple announced today that it will donate $10 million plus any damages from this lawsuit to “organizations pursuing cybersurveillance research and advocacy,” including the aforementioned Citizen Lab and Amnesty Tech. The company also claims that it hasn’t seen any evidence of remote attacks on devices running iOS 15 or later, so if you’re still on an older version of iOS, it sounds like it’s a good idea to install any software updates that are available.
The company will contact those who have been affected by these zero-click exploits and the Pegasus spyware. Furthermore, we will keep you updated on this lawsuit and any others that the NSO Group may face from US-based companies.
READ ALSO: Amazon and Apple Fined $225 Million in Italy for Alleged Collusion