Apple filed a lawsuit against the NSO Group and its parent company on Tuesday to hold it responsible for the Pegasus surveillance scandal.
Apple’s complaint revealed new information on how the NSO Group infected Apple devices with its spyware and requested an injunction to block NSO from targeting iPhones.
“To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices,” Apple said in a statement.
“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” said Craig Federighi, Apple’s senior vice president of Software Engineering.
The lawsuit compounds the NSO Group’s troubles as it deals with controversy due to reports that tens of thousands of activists, journalists, and politicians were listed as possible targets of Pegasus spyware.
According to The Guardian, the database indicated individuals identified as persons of interest by government clients of NSO Group.
President Cyril Ramaphosa’s phone number even appeared in a leaked database of potential targets of the Pegasus spyware.
NSO continues to deny any malicious behaviour and insists its software is intended to be used by authorities in fighting terrorism and other crimes.
“Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO group will continue to advocate for the truth,” AP News quoted the firm as saying.
The Biden administration blacklisted NSO to reduce the group’s access to US technology earlier this month, indicating that the firm “enabled foreign governments to conduct transnational repression”.
NSO’s Pegasus spyware essentially allows the company’s clients to read messages, view photographs, track location, and switch on the device’s camera.
In August 2021, an updated version of Pegasus spyware — said to be deployed by the NSO Group — was found on a Bahraini activist’s iPhone.
The software was determined to have infected the device in February 2021.
The so-called “zero-click” attack infected the targeted iOS 14 device undetected and was identified by researchers at Citizen Lab, a Canadian cybersecurity watchdog organisation.
At the time, an Apple spokesperson said that the company had enhanced its defences as part of the iOS 15 software update, which the company officially launched in September 2021.
“Mercenary spyware firms like NSO Group have facilitated some of the world’s worst human rights abuses and acts of transnational repression, while enriching themselves and their investors,” said Rob Deibert, director at Citizen Lab.