Apple sues NSO Group for targeting its users with spyware

Seeks to bar the Israeli firm from using its products

Apple is suing Israeli surveillance software firm NSO Group and its parent company for misusing Apple's services and products to place a hacking tool on the iPhones of certain users.

The lawsuit was filed in the federal court in San Jose, California, on Tuesday, and alleges that NSO Group was engaged in concerted efforts in 2021 to attack Apple customers, products and servers through dangerous malware and spyware.

Apple wants to hold NSO Group and its parent company OSY Technologies "accountable for the surveillance and targeting of Apple users" and is seeking a permanent injunction to ban NSO Group from using any Apple devices, software or services "to prevent further abuse and harm to its users".

"Defendants are notorious hackers - amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse," Apple wrote in its legal complaint.

The move comes weeks after the US government placed NSO Group on a trade blacklist, stating that the company's software had "enabled foreign governments to conduct transnational repression, which is the practice of authoritarian governments targeting dissidents, journalists and activists".

NSO denies those claims, saying it only works with law enforcement, military, and intelligence agencies from countries with good human-rights records.

Apple's lawsuit also reveals details about NSO Group's FORCEDENTRY exploit that Apple said enabled threat actors to compromise a victim's Apple device and install the latest version of NSO's Pegasus spyware.

The security vulnerability that was exploited by FORCEDENTRY has now been patched by Apple. The exploit was originally identified by the University of Toronto's Citizen Lab research group.

Apple stated in its complaint that NSO created more than 100 fake Apple ID user credentials to carry out its attacks. While Apple's servers were not hacked, the Israeli firm misused and manipulated them to deliver the attacks on iPhone users.

The complaint also alleges that NSO Group is constantly updating its exploits and malware to overcome Apple's own security upgrades.

In July, Paris-based non-profit Forbidden Stories and Amnesty International said NSO's Pegasus spyware may have been used to snoop on more than 1,000 journalists, rights activists and other prominent individuals, from about 50 countries.

The allegations were based on a list of more than 50,000 phone numbers, believed to belong to potential targets of interest to NSO's clients. It was unclear where the list came from or exactly how many devices were compromised, but forensic analysis of 37 phones whose numbers appeared on the list showed evidence of "attempted and successful" hacks.

French president Emmanuel Macron's phone number also reportedly showed up on the leaked list.

In a separate report, the Citizen Lab said a security weakness in Apple's software enabled attackers to deploy NSO's Pegasus on an iPhone, iPad, Apple Watch or Mac computer without requiring users to click on any links.

The researchers said they found several malicious image files transmitted to the phone of a Saudi activist via the iMessage instant messaging app. While those files appeared to be GIFs, they were actually PDFs and PSDs. The device was eventually hacked by the Pegasus spyware, the researchers alleged.

Earlier this month, Front Line Defenders (FLD), a Dublin-based international human rights group, claimed that the iPhones of six Palestinian human rights activists were hacked in 2020 and 2021 with Pegasus. FLD said it examined 75 iPhones belonging to Palestinian human rights defenders and determined that six of them were compromised using Pegasus.