Apple has alleged that NSO Group of exploits vulnerabilities in its iPhones to sell its “Pegasus” spyware to governments accused of human rights abuses.
Apple has filed a lawsuit against the NSO Group, which created Pegasus, a spyware program primarily used by national-level intelligence agencies.
According to TechCrunch, Apple’s lawsuit seeks a permanent injunction to prevent NSO Group from installing Pegasus on any Apple products.
TechCrunch notes that NSO Group, headquartered in Israel, developed Pegasus several years ago. Pegasus permits governments near-total access to individual cell phones, giving intelligence officers the ability to peruse users’ personal information, photographs, messages, and location data.
Pegasus, adds TechCrunch, works by exploiting little-known vulnerabilities in Apple iPhone’s security systems.
While NSO Group has not named any of its state-level customers, activists believe that the governments of at least Bahrain, Saudi Arabia, Rwanda, the United Arab Emirates, and Mexico have purchased Pegasus.
Many of these governments allegedly used Pegasus to target journalists and human rights advocates, who may have inadvertently downloaded the spyware after opening malicious links hidden in text messages.
In its filing, Apple used harsh terms to describe NSO Group, calling its management “notorious hackers — amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse. They design, develop, sell, deliver, deploy, operate, and maintain offensive and destructive malware and spyware products and services that have been used to target, attack, and harm Apple users, Apple products, and Apple.”
Apple officials say they do not wish for their products to be used against people who are simply trying to identify and address human rights crises.
“At Apple, we are always working to defend our users against even the most complex cyberattacks. The steps we’re taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place,” said Apple security chief Ivan Krstić. “Our threat intelligence and engineering teams work around the clock to analyze new threats, rapidly patch vulnerabilities and develop industry-leading new protections in our software and silicon. Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group.”
Apple said that it is actively notifying anyone it believes may have been targeted by Pegasus.
While NSO Group insists that its spyware has not been used to suppress human rights overseas, non-profit advocacy Electronic Frontier Foundation questioned the company’s claims.
“I think it’s highly unlikely they had no ability to control and no idea about the misuses of their software — especially over the past year or two because Citizen Lab and other organizations have been documenting the misuse of the software,” EFF Executive Director Cindy Cohen said. “I mean, after [Jamal] Khashoggi was killed, how do you not wonder?”