WASHINGTON — Apple sued Israeli spyware maker NSO Group on Tuesday for targeting the users of its devices, saying the firm at the center of the Pegasus surveillance scandal needs to be held accountable.
The suit from the Silicon Valley giant adds new trouble for NSO, which was engulfed in controversy over reports that tens of thousands of activists, journalists and politicians were listed as potential targets of its Pegasus spyware.
The United States Department of Commerce just weeks ago announced it was blacklisting NSO, restricting the Herzliya-based firm’s ties with American companies over allegations that it “enabled foreign governments to conduct transnational repression.”
“To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices,” Apple said in a statement announcing the lawsuit.
“NSO Group creates sophisticated, state-sponsored surveillance technology that allows its highly-targeted spyware to surveil its victims,” it added.
Apple also appeared to point a finger at Israel, with its vice president Craig Federighi saying in a statement that “state-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change.”
Following the initial concern over Pegasus, a subsequent wave of worries emerged when iPhone maker Apple released a fix in September for a weakness that can allow the spyware to infect devices without users even clicking on a malicious message or link.
The so-called “zero-click” is able to silently corrupt the targeted device, and was identified by researchers at Citizen Lab, a cybersecurity watchdog organization in Canada.
Apple is also seeking unspecified damages from NSO Group over what it says is the time and money it cost to respond to the spyware maker’s alleged abuse of its products, adding in its statement that it would donate any payouts to organizations that expose such spyware.
“This is Apple saying, ‘If you do this, if you weaponize our software against innocent users, researchers, dissidents, activists or journalists, Apple will give you no quarter,’” head of security at Apple Ivan Krstic told The New York Times on Monday.
This is the second time NSO Group has been targeted by a major US firm, with Facebook suing the Israeli company in 2019 for alleged targeting users of its WhatsApp messaging application.
Earlier this month, a US Court of Appeals rejected a motion by NSO Group to throw out Facebook’s suit against it. In a 3-0 vote, the court rejected NSO’s defense that it “could claim foreign sovereign immunity,” opening up the firm to additional suits such as the one filed by Apple on Tuesday.
Apple’s lawsuit comes a day after the Moody’s credit rating agency published figures indicating that NSO Group is at growing risk of defaulting on about $500 million of debt amid upcoming cash flow issues following the US blacklisting.
NSO Group has faced a torrent of international criticism over allegations it helps governments spy on dissidents and rights activists. NSO insists its product is meant only to assist countries in fighting crime and terrorism.
The firm’s flagship spyware, Pegasus, is considered one of the most powerful cyber-surveillance tools available on the market, giving operators the ability to effectively take full control of a target’s phone, download all data from the device, or activate its camera or microphone without the user knowing.
Ricky Ben David contributed to this report.