Apple CEO Tim Cook delivers the keynote address during the 2020 Apple Worldwide Developers Conference (WWDC) at Steve Jobs Theater in Cupertino, California.
Brooks Kraft/Apple Inc/Handout via Reuters
Apple on Tuesday sued NSO Group, an Israeli firm that sells software to government agencies and law enforcement that enables them to hack iPhones and read the data on them, including messages and other communications.
Earlier this year, Amnesty International said it discovered recent-model iPhones belonging to journalists and human rights lawyers that had been infected with NSO Group malware called Pegasus.
Apple is seeking a permanent injunction to ban NSO Group from using Apple software, services, or devices. It’s also seeking damages over $75,000.
Apple considers the lawsuit to be a warning to other spyware vendors. “The steps Apple is taking today will send a clear message: in a free society, it is unacceptable to weaponize powerful state-sponsored spyware against innocent users and those who seek to make the world a better place,” said Ivan Krstic, Apple’s head of security engineering and architecture, in a tweet.
NSO Group software permits “attacks, including from sovereign governments that pay hundreds of millions of dollars to target and attack a tiny fraction of users with information of particular interest to NSO’s customers,” Apple said in the lawsuit filed in federal court in the Northern District of California, saying that it is not “ordinary consumer malware.”
Apple also said on Tuesday it has patched the flaws that enabled the NSO Group software to access private data on iPhones using “zero-click” attacks where the malware is delivered through a text message and leaves little trace of infection.
Pegasus’ users can remotely surveil the iPhone owner’s activities, collect emails, text messages and browsing history, and access the device’s microphone and camera, Apple alleged in its lawsuit.
Apple said the attacks were only targeted at a small number of customers, and said on Tuesday it will inform iPhone users that may have been targeted by Pegasus malware.
“To deliver FORCEDENTRY to Apple devices, attackers created Apple IDs to send malicious data to a victim’s device — allowing…