Reading Time: 2 minutes

After WhatsApp and Meta (formerly called Facebook), Apple has also sued the Israeli NSO Group over Pegasus spyware attacks on iPhones, turning them into spy devices.

Earlier this year, NSO Group’s spyware was found targeting iPhones via zero-click exploits, later dubbed ForcedEntry by researchers. Pegasus spyware was sold by NSO Group to governments in order to hack into iPhones used by journalists, activists, and criminals. The targets included members of the Arab royal family, Jamal Khashoggi, Al-Jazeera reporters, and many more.

According to Apple, they are “seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices.

On Tuesday, Apple went ahead and filed a lawsuit against the NSO Group and NSO’s parent company. According to Apple, NSO Group should be held responsible for its spying of iPhone users and the lawsuit aims and preventing the use of Pegasus spyware from being used on any Apple software in the future.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change. Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous.” – Apple SVP of Software Engineering Craig Federighi.

Apple has also said that it will be donating $10 million to cyber-surveillance research labs and institutions. Apple is also helping Citizen Lab, the research organization that discovered Pegasus Spyware back in July 2021. The Apple lawsuit has been appreciated by various cybersecurity researchers and organizations.

Ron Deibert, director of Citizen Lab, applauds Apple for holding NSO Group “accountable for their abuses, and hope in doing so Apple will help bring justice to all who have been victimized by NSO Group’s reckless behavior.

NSO’s Pegasus Spyware

Pegasus spyware was designed by NSO Group for governments to remotely access the target’s smartphones camera, microphone, and other vital data. It has been used worldwide to target thousands of iPhone and Android devices. Pegasus spyware doesn’t need any input from the target’s side, as it can infect devices without leaving any trace.

Following the investigation into the spyware, it was revealed that Pegasus can use exploits to attack Photos, Safari, iMessage, Apple Music, and other iOS apps. Apple’s lawsuit also includes ‘Forcedentry’ an exploit used by Pegasus to attack Apple devices. It associated the formation of Apple IDs to forward malicious information to victims, installing Pegasus on the software.

Apple broke down the process of how Pegasus compromised iPhones – by creating Apple IDs, NSO would send malicious data to targets via iMessage. It would get NSO to secretly install the spyware and control the data on iPhones.

Apple has patched this vulnerability and has updated its software bringing advanced security features in its latest iOS 15 update. Apple says its servers were “misused” to send data, but were not compromised or hacked.

Apple’s Lawsuit a “Stake in the Ground”

According to Heather Grenier, Apple’s senior director of commercial litigation, this lawsuit is a ‘stake in the ground, to send a clear signal‘ that it will not allow its users to suffer from this type of violation. Apple also said in its complaint that:

The Court has personal jurisdiction over Defendants because, on information and belief, they created more than one hundred Apple IDs to carry out their attacks and also agreed to Apple’s iCloud Terms and Conditions (“iCloud Terms”), including a mandatory and enforceable forum selection and exclusive jurisdiction clause that constitutes express consent to the jurisdiction of this Court.

NSO was also added to the US Entity List that limits the way US companies sell or provide their technology and data to the company. According to the report, American companies need permission from the US government before buying or selling technology to the companies on the list.

The Pegasus Spyware is a violation of human rights and is condemned across the world. Apple’s lawsuit is a step forward in favour of users’ online privacy and security, as the NSO group needs to respond to the use of its spyware, and its interference in other countries’ politics.