Apple sues NSO Group over Pegasus iPhone spyware

Apple has filed a lawsuit against NSO Group, a firm known for selling the Pegasus spyware tool used by governments to hack iPhones used by criminals, journalists, and activists.

Pegasus is NSO Group's best-known spyware tool, one that was supposedly meant for use against criminal activity, but has been misused against other innocent parties. In a bid to try and stop NSO Group from continuing to provide Pegasus to its clients, Apple filed a lawsuit on Tuesday against both the group and its parent company.

Apple wants to hold NSO Group accountable for its surveillance of some Apple users. The filing is also seeking an injunction to prevent NSO from using any Apple software, services, or devices of any sort.

The lawsuit follows reports, which first surfaced in July, that the Pegasus spyware was used against activists and journalists. An in-depth investigation determined Pegasus has been used to infiltrate devices used by journalists, potentially since 2016.

Some governments and agencies are using the tool against journalists, activists, academics, and government officials to probe those who could be seen as a potential danger.

"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change," said Apple SVP of Software Engineering Craig Federighi. "Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous."

"While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously," Federighi continued, "and we're constantly working to strengthen the security and privacy protections in iOS to keep all our users safe."

Along with the filing, Apple has said it will be contributing $10 million and damages from the lawsuit to organizations related to cybersurveillance research and advocacy.

Apple is also assisting Citizen Lab, a group that Apple commends alongside Amnesty Tech in uncovering and researching the intrusions and surveillance abuse, by providing pro-bono technical, threat intelligence, and engineering assistance for Citizen Lab's research. Apple is also offering the same assistance to other organizations in the same space.

The lawsuit has been applauded by Citizen Lab director Ron Deibert for holding NSO Group "accountable for their abuses, and hope in doing so Apple will help bring justice to all who have been victimized by NSO Group's reckless behavior."

Following the investigation in July, reports surfaced explaining how Pegasus worked, with it using exploits that attacked Safari, Photos, Apple Music, and iMessage, among other iOS elements.

Victims of the attacks included human rights activists and lawyers, as well as journalists from high-profile outlets including CNN, the New York Times, and Al Jazeera. It was also alleged that data leaks pointed to Pegasus being used by Saudi Arabia and the UAE to target smartphones of people who were close to the murdered journalist Jamal Khashoggi.

Following the discovery of the exploits, Apple has worked to update its operating systems, plugging the vulnerabilities and limiting Pegasus' reach.

Apple's filing includes information about "Forcedentry," an exploit for a now-patched vulnerability used to attack a device for the installation of Pegasus. The attack on Apple devices involved the creation of Apple IDs to send malicious data to the victim, enabling Pegasus to be installed without the target's knowledge.

Apple stresses that while its servers were "misused to deliver" the data, the servers themselves were neither hacked nor compromised by the attacks.

"At Apple, we are always working to defend our users against even the most complex cyberattacks," said Apple head of Security Engineering and Architecture Ivan Krstic. "The steps we're taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place."



29 Comments

zoetmb 17 Years · 2655 comments

Good for Apple, but unless NSO was violating copyright or patents or Apple’s licensing agreements, they might not have a case (unfortunately).

DAalseth 6 Years · 3067 comments

An interesting tactic but I question how effective it will be. I don’t see where the suit was filed, but if it was in California, all NSO has to do is keep their operations offshore and there’s no way to enforce it. 

I do expect the battle of the press to heat up. Apple is going after NSO for enabling spying on journalists, activists, and private citizens. Expect a blizzard of reports about how Apple is trying to protect criminals, drug dealers, terrorists, and pedos. It’ll come both from NSO and from the legion of Apple Haters out there. 

ericthehalfbee 13 Years · 4489 comments

DAalseth said:
An interesting tactic but I question how effective it will be. I don’t see where the suit was filed, but if it was in California, all NSO has to do is keep their operations offshore and there’s no way to enforce it. 

I do expect the battle of the press to heat up. Apple is going after NSO for enabling spying on journalists, activists, and private citizens. Expect a blizzard of reports about how Apple is trying to protect criminals, drug dealers, terrorists, and pedos. It’ll come both from NSO and from the legion of Apple Haters out there. 

Disagree.

NSO hasn’t been used yet (to my knowledge) to actually catch criminals. It’s being used by oppressive governments to track journalists or other “dissenters”.

The very nature of their exploits (expensive zero days) means they are only used on a small handful of highly valuable targets. This might also go against Apple in their lawsuit as NSO could claim 99.999% of Apple users have nothing to worry about. 

lkrupp 19 Years · 10521 comments

zoetmb said:
Good for Apple, but unless NSO was violating copyright or patents or Apple’s licensing agreements, they might not have a case (unfortunately).

Nonsense. Apple is alleging NSO’s software has damaged Apple customers. It has nothing to do with copyright or patents.

lkrupp 19 Years · 10521 comments

If my understanding of this software is correct, Pegasus can attack iOS remotely without the user doing anything. The bigger question is why Apple has not been able to put a stop to it. Is there something about Pegasus and iOS that Apple can’t fix?