Apple sues NSO Group, spyware vendor known for helping governments hack critics
Apple is suing Israeli spyware vendor NSO Group “to hold it accountable for the surveillance and targeting of Apple users,” the company announced Tuesday.
The technology company is seeking to permanently ban NSO Group from using any Apple software, services or devices amid reports that the firm sells technology that makes it possible for governments to hack individual devices to spy on journalists, dissidents and human rights activists. As part of those efforts NSO Group has developed exploits capable of subverting Apple’s security controls, requiring “thousands of hours to investigate the attacks, identify the harm, diagnose the extent of the impact and exploitation, and develop and deploy the necessary repairs and patches to ensure that Apple servers,” the suit says.
In a statement, NSO Group claimed without evidence that its technologies have saved lives around the world. The statement did not address Apple’s suit.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability,” Craig Federighi, Apple’s senior vice president of software engineering, said in a statement. “Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous.”
The U.S. government added NSO Group to its sanctions list on Nov. 4, citing its spyware being used to “maliciously target government officials, journalists, business people, activists, academics, and embassy workers.” The company had previously been sued by Facebook in 2019 for targeting WhatsApp users.
Apple said it’s lawsuit includes new information on NSO Group’s FORCEDENDTRY exploit, which used a since-patched iMessage vulnerability in Apple devices to install the Pegasus spyware. In September the human rights group Citizen Lab discovered the exploit during an analysis of a Saudi activist’s phone. Investigators determined it was effective against Apple iOS, MacOS and WatchOS devices, suggesting it had been in use since at least February 2021.
In the suit, Apple’s lawyers refers to NSO Group as “notorious hackers—21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.” Apple also alleges that NSO Group created more than 100 Apple IDs in pursuit of its work, which violates Apple iCloud’s terms of service which seeks to prevent it from being used to “stalk, harass, threaten or harm another.”
“NSO is now poison,” Ron Deibert, the director of Citizen Lab, told the New York Times, which first reported the suit. “No one in their right mind will want to touch that company. But it’s not just one company, this is an industrywide problem.”
NSO Group was already facing stiff headwinds after the U.S. government sanctions. Wall Street was treating the company as “distressed” and on the brink of being unable to pay its debt, Bloomberg previously reported. Its CEO stepped down after less than two weeks on the job.
Updated 11/23/21: To include a response from NSO Group.