Apple sued NSO Group for selling software to government agencies
On Tuesday, Apple sued the Israeli company NSO Group, which sold software to government agencies and law enforcement agencies that allowed them to hack into iPhones and read data, including information and other communications.
Earlier this year, Amnesty International said it had discovered new iPhones belonging to journalists and human rights lawyers that were infected with Pegasus, the NSO group's malware.
Apple is seeking a permanent injunction to prohibit the NSO Group from using Apple’s software, services, or equipment. The company also seeks over US$75,000.
Apple believes this lawsuit is a warning to other spyware vendors. "The measures taken by Apple today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against innocent users and those seeking to make the world a better place," Ivan did. Just like a thread, Apple's safety engineering and construction said on Twitter.
The NSO Group’s software allows “attacks, including governments from sovereign countries, who pay hundreds of millions of dollars to attack a small number of users who have information of particular interest to NSO customers,” In a lawsuit filed in federal court for the Northern District of California, Apple stated that this is not "ordinary consumer malware."
Apple also said on Tuesday that it had patched the vulnerability of the NSO Group's software to obtain iPhone private data through a "zero-click" attack, which delivered malware via SMS, leaving almost no trace of infection.
Apple claims in the lawsuit that users of Pegasus can remotely monitor the activities of iPhone users, collect emails, text messages and browsing history, and access the iPhone’s microphone and camera.
Apple stated that these attacks only targeted a small number of users, and said on Tuesday that it will notify iPhone users who may be attacked by the Pegasus malware.
Apple said in a statement: To install the FORCED ENTRY software on Apple devices, the attacker created an Apple id to send malicious data to the victim's device-allowing NSO Group or its customers to deliver without the victim's knowledge. And install Pegasus spyware."
Apple said that NSO Group created an Apple ID account and violated the iCloud terms of service to operate its spyware.
NSO Group is accused of using "0day" vulnerabilities to create its spyware, or vulnerabilities that Apple has not fixed.
Once Apple fixes the vulnerability, users can protect themselves by updating the iPhone software.
Earlier this year, Amnesty International stated that they found evidence that the iPhone 12 was hacked and obtained a leaked list of 50,000 phone numbers targeted by the NSO Group’s software. The NSO Group’s software was allegedly used to monitor Jamal Khashoggi’s relatives and those close to him. Khashoggi was a columnist for the Washington Post and was killed in Turkey by an assassin working on behalf of Saudi Arabia.
Amnesty International also stated that it found NSO Group malware on the iPhones of a French human rights lawyer, a French activist, an Indian journalist, and a Rwandan activist.
Earlier this month, the U.S. Department of Commerce blacklisted NSO Group and prohibited it from using U.S. technology in its operations.
Meta is also suing NSO Group separately, claiming that it helped hackers attack users of Meta's subsidiary WhatsApp.
Apple said it will donate $10 million to organizations that are committed to combating digital surveillance, as well as any compensation received from this lawsuit.
A spokesperson for the NSO Group said in a statement: "Because customers use NSO Group's technology, thousands of lives around the world have been saved."
"Pedophiles and terrorists can move freely in the technological haven, and we provide the government with legal tools to combat it.
NSO Group will continue to defend the truth. "