Apple is suing an “abusive” Israeli software firm whose spyware has been used by numerous totalitarian governments to spy on journalists, human rights activists, and other persons of interest.
The technology giant this month filed a lawsuit against Tel Aviv firm NSO Group and its parent company, Q Cyber Technologies, seeking damages and a permanent ban preventing the group from using any Apple software, services, or devices.
As part of its campaign against NSO, Apple will fund and provide technical support for anti-surveillance technology groups.
NSO’s use of FORCEDENTRY – a now-fixed vulnerability that can bypass security controls in Apple’s iOS operating system – enabled it to install Pegasus spyware on targeted iPhones without the victims’ knowledge.
Once installed, Pegasus monitors iPhone activity and communications over iMessage, FaceTime, and third-party software like Facebook and WhatsApp.
It is putatively designed to support law-enforcement agencies and the company claims to “hold ourselves to the highest standards for ethical businesses”, but its historical sales to governments such as Bahrain, Panama, Dubai, and Saudi Arabia – which used it to surveil Washington Post journalist Jamal Khashoggi before he was murdered – have drawn widespread condemnation.
In July, a major multinational investigation, called the Pegasus Project, united 16 media outlets to investigate NSO Group and found a list of 50,000 journalists and politicians targeted by its clients.
More recently, Pegasus was found on the devices of six Palestinian human-rights activists.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability,” said Apple senior vice president of software engineering Craig Federighi in announcing the lawsuit, which also seeks damages for “flagrant violations of US federal and state law”.
“Private companies developing state-sponsored spyware have become even more dangerous,” Federighi said, lauding the efforts of security researchers at the University of Toronto’s Citizen Lab – who discovered that the ‘zero-click’ Pegasus malware can be…