Apple Sues NSO Group for Spyware Use

The company seeks to hold Israeli firm NSO Group liable for the targeting of Apple users and requests a permanent injunction to ban its use of Apple products and services.

Kelly Sheridan, Former Senior Editor, Dark Reading

November 23, 2021

3 Min Read
white apple logo on black background
Source: Malcolm Haines via Alamy Stock Photo

Apple is suing Israeli spyware maker NSO Group and its parent company Q Cyber "to hold it accountable for the surveillance and targeting of Apple users" and seek a permanent injunction to ban NSO Group from using Apple devices, software, and services, officials report.

The lawsuit directly aims at NSO Group's core business, which creates sophisticated surveillance technology that allows its users to spy on target devices. Amnesty International reported earlier this year on attacks that NSO Group customers launched against iPhones, potentially affecting thousands of Apple users — including activists, journalists, and politicians — with its spyware.

"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change," said Craig Federighi, Apple's senior vice president of software engineering, in a statement.

NGO Group's software is "far more insidious and often highly sophisticated" compared with ordinary consumer malware, Apple writes in its complaint. It allows well-resourced individuals, such as sovereign governments, to pay hundreds of millions of dollars to target a small amount of people with information of particular interest to the NSO Group customer targeting them.

These malicious activities "have exploited Apple's products, injured Apple's users, and damaged Apple's business and goodwill," the complaint states. NSO Group's products have required the company to spend "thousands of hours" investigating the attacks, identifying the harm done, determining the extent of exploitation, and developing all the necessary repairs and patches.

Apple will seek compensation for damages incurred while addressing these attacks, its complaint states. The amount will be proven at trial.

The company's legal complaint includes details on FORCEDENTRY, a zero-click exploit targeting a now-patched vulnerability that was previously used to break into Apple devices and install the newest version of NSO Group's spyware, Pegasus. FORCEDENTRY was first detected in March by the University of Toronto's Citizen Lab.

Further, the complaint states NSO Group and Q Cyber, created at least 100 Apple IDs to use in deploying the exploit. They used their computers to contact Apple servers in the US and abroad to identify other Apple devices. The defendants then sent abusive data they created through Apple servers to target phones using the iMessage service. This allowed NSO Group and its clients to install Pegasus spyware without the victim's knowledge.

In addition to requesting a permanent injunction that would restrain defendants from accessing and using any Apple servers, devices, hardware, software, and applications, Apple also requests a permanent injunction requiring defendants to identify the location of data obtained from its users' devices, hardware, software, and applications, and delete that data. It also requests an injunction restraining the defendants from developing and using spyware on its products.

Apple says only a small number of users may have been targeted with FORCEDENTRY, and it is notifying them as well as any other users who may be affected by activity consistent with a state-sponsored attack in the future.

The company plans to contribute $10 million, as well as any damages from the lawsuit, to organizations pursing cybersurveillance and advocacy, Apple officials said in a statement.

News of the lawsuit arrives weeks after the US Commerce Department blacklisted NSO Group, along with three other organizations, for "engaging in activities that are contrary to the national security or foreign policy interests of the United States." NSO Group was blacklisted based on evidence that it developed and supplied spyware to foreign governments who used them to target government officials, journalists, businesspeople, academics, and embassy workers.

NSO Group activity may be putting its relationships with other governments in jeopardy, new reports indicate. A report from MIT Technology Review states that this summer, as NSO Group was accused of targeting French President Emmanuel Macron, French government officials were in negotiations to buy Pegasus spyware. Sources say the process dissolved after learning French officials may have been targeted.

Then the US sanctioned NSO Group, and it has reportedly been difficult for the company to improve matters. The report states that the situation has led to low morale and a "severe doubt" about the company's future if it's not removed from the US blacklist.

About the Author(s)

Kelly Sheridan

Former Senior Editor, Dark Reading

Kelly Sheridan was formerly a Staff Editor at Dark Reading, where she focused on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial services. Sheridan earned her BA in English at Villanova University. You can follow her on Twitter @kellymsheridan.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights