Wednesday 24 November 2021

Apple sues Israeli spyware firm NSO after Pegasus spyware was used to attack ‘customers worldwide’

 Tech giant Apple is suing Israel's NSO Group as it seeks to block the 'hacker-for-hire' spyware company from breaking into one billion iPhones in circulation and other gadgets. 

Apple said it is suing NSO after the company's software, called Pegasus, was used to attack a small number of its customers worldwide.

In a complaint filed in court in California yesterday, it said NSO employees 'have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse'.    

The suit from the Silicon Valley giant adds to the trouble facing embattled NSO, which was engulfed in controversy over reports that tens of thousands of activists, journalists and politicians were listed as potential targets of its Pegasus spyware. 

US authorities just weeks ago blacklisted NSO to restrict exports from American groups over allegations the Israel firm 'enabled foreign governments to conduct transnational repression.' 

Hacking threat: Apple said NSO’s software, called Pegasus, was used to attack a small number of its customers worldwide

Hacking threat: Apple said NSO's software, called Pegasus, was used to attack a small number of its customers worldwide

Craig Federighi, Apple's senior vice-president of software engineering, said the Israeli firm 'spends millions of dollars on sophisticated surveillance technologies without effective accountability'.

'To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices,' Apple said in a statement announcing the lawsuit filed in US federal court in California.

'Defendants are notorious hackers - amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse,' the iPhone maker wrote in its case. 

NSO has consistently denied any wrongdoing and insisted its software is intended for use by authorities only in fighting terrorism and other crimes. 

'Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO group will continue to advocate for the truth,' the firm said in a statement.

NSO was recently blacklisted by the US Commerce Department and is also being sued by Facebook after the software allegedly intruded via its encrypted WhatsApp messaging service.

Smartphones infected with Pegasus are essentially turned into pocket spying devices, allowing the user to read the target's messages, look through their photos, track their location and even turn on their camera without them knowing.

Apple says there are 1.65 billion active Apple devices worldwide, including over a billion iPhones.  

The suit from Apple is not the first from a Big Tech firm - Facebook sued NSO Group in 2019, accusing it of using the WhatsApp messenger to conduct cyberespionage on journalists, human rights activists and others.

That suit, filed in a California federal court, alleged approximately 1,400 devices were targeted with malicious software to steal valuable information from those using the messaging app.

'This can't be good news for NSO, which is reportedly in danger of default with over $500 million in debt, a recent leadership shakeup with their CEO, and France pulling out of a planned purchase after the US sanctions,' said Jake Williams from cybersecurity firm BreachQuest.

Following the initial concern over Pegasus, a subsequent wave of worries emerged when Apple released a fix in September for a weakness allowing NSO's spyware to infect devices without users even clicking on a malicious message or link.

The so-called 'zero-click' attack is able to silently corrupt the targeted device, and was identified by researchers at Citizen Lab, a cybersecurity watchdog organization in Canada.

Apple said Tuesday it is notifying the 'small number' of users that it discovered may have been targeted by those types of attacks.

'Mercenary spyware firms like NSO Group have facilitated some of the world's worst human rights abuses and acts of transnational repression, while enriching themselves and their investors,' said Citizen Lab director Ron Deibert.

It comes after Amnesty International and a consortium of global media outlets claimed that Pegasus software, which is manufactured by NSO, was actually being used by governments to spy on journalists, officials, royals and individuals including murdered Saudi Arabian journalist Jamal Khashoggi's widow.

The journalists targeted included Ben Hubbard, the New York Times' Beirut Bureau Chief, and Azam Ahmed, the Times' Mexico Bureau Chief, along with other journalists based in India, the Morocco, Mexico and Azerbaijan.

Others include reporters working for the Associated Press, Bloomberg, The Wall Street Journal and CNN, but many have not been named. 189 journalists were targeted. The US government didn't name any of the countries said to have misused the software, and said they weren't taking any action against those nations. 

NSO released a statement via its US-based lawyer, Clare Locke, to say it had nothing to do with any misuse of Pegasus, and that it had taken action against customers who'd used the product for nefarious purposes. 

Post a Comment

Start typing and press Enter to search