Apple Sues NSO Group Over iPhone-Hacking Software, Notifies Victims
- Apple filed a lawsuit against NSO and its parent company Q Cyber Technologies.
- The iPhone maker says that the software company’s Pegasus tool was used against Apple customers.
- Earlier this month, the US Commerce Department blacklisted NSO for “malicious cyber activities.”
Apple filed a lawsuit Tuesday against the
firm NSO Group and its parent company Q Cyber Technologies, saying that the Israeli companies market products that have been used to target and harm Apple customers.
In the complaint filed with the US District Court of Northern California, the iPhone maker said the spyware group are “amoral 21st century mercenaries” whose tools have been used against politicians, journalists, activists, and academics.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” Apple’s senior vice president of software engineering, Craig Federighi, said in a statement.
“While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously,” he added.
NSO Group did not immediately respond to Insider’s request for comment on the suit.
The lawsuit cites findings from Citizen Lab, a research group at the University of Toronto, which has been documenting nefarious uses of NSO’s Pegasus software for several years.
When Citizen Lab reported in September that iPhones were vulnerable to so-called “zero-click” attacks, Apple issued an emergency update of its operating system to block the Pegasus software from gaining entry.
Earlier this month, the US Commerce Department blacklisted the NSO Group for “malicious cyber activities,” based on evidence that foreign governments used the company’s software to spy on targets both within and outside their sovereign borders.
“NSO’s malicious activities have exploited Apple’s products, injured Apple’s users, and damaged Apple’s business and goodwill,” lawyers for Apple said in the complaint.
“NSO’s malicious products and services have also required Apple to devote thousands of hours to investigate the attacks, identify the harm, diagnose the extent of the impact and exploitation, and develop and deploy the necessary repairs and patches,” the complaint said.
Apple is seeking relief for damages, alleging that NSO violated the Computer Fraud and Abuse Act, the California Business and Professions Code, as well as Breach Of Contract for iCloud’s Terms of Service and Unjust Enrichment for improper use of Apple’s computer servers.
Apple also requested a permanent injunction barring NSO and Q from using any Apple services in the future.
Apple said it plans to contribute $10 million and any damages from the lawsuit to “organizations pursuing cybersurveillance research and advocacy.”