NSO Group is an Israeli firm that sells software to government agencies and law enforcement that enables them to hack iPhones and read the data on them. This Tuesday, Apple sued the company for this very reason.
Amnesty International had found out that the new model iPhones that belonged to journalists and human rights lawyers had been infected with NSO Group malware called Pegasus.
Apple wants the court to permanently ban NSO Group from using Apple software, services, or devices. It is also asking for $75000 in damage.
“The steps Apple is taking today will send a clear message: in a free society, it is unacceptable to weaponize powerful state-sponsored spyware against innocent users and those who seek to make the world a better place,” Ivan Krstic, Apple’s head of security engineering and architecture, said in a tweet.
NSO Group software permits “attacks, including from sovereign governments that pay hundreds of millions of dollars to target and attack a tiny fraction of users with information of particular interest to NSO’s customers,” Apple said in the lawsuit filed in federal court in the Northern District of California, saying that it is not “ordinary consumer malware.”
The company accessed the data through “zero-click” attacks on iPhones and now Apple has mended the loophole. NSO was delivering the malware through a text message from where it left little traces of infection. They were able to virtually access iPhone owner’s activities, collect emails, text messages, and browsing history, and access the device’s microphone and camera.
“To deliver forced entry to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing NSO Group or its clients to deliver and install Pegasus spyware without a victim’s knowledge,” Apple said in its announcement. “Though misused to deliver forced entry, Apple servers were not hacked or compromised in the attacks.”
Apple also stated that the NSO Group created Apple ID accounts and violated the iCloud terms of service to run its spyware. It is said to have used “0day” bugs to create its spyware or flaws that Apple has not yet fixed.
Amnesty International claims to have found a leaked list of 50,000 phone numbers targeted by NSO Group software. NSO Group software is alleged to have been used to monitor relatives and people close to Jamal Khashoggi who was a Washington Post columnist who was killed in Turkey by assassins working on behalf of Saudi Arabia.
The U.S. Commerce Department blacklisted NSO Group earlier this month. Meta is also severing ties with the NSO Group.
“Thousands of lives were saved around the world thanks to NSO Group’s technologies used by its customers,” an NSO Group spokesperson said in a statement. “Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO Group will continue to advocate for the truth.”