Even as governments remain tight-lipped about their connections with NSO Group that provides spyware services to countries, tech major Apple is suing the commercial group for targeting Apple users, a company press release said.
Earlier this year, the Israel-based NSO Group was caught in the eye of the storm, when investigations revealed that its Pegasus software, aimed at tracking terrorists was being used against social activists and journalists in many countries. Although the group did not reveal who its clients were, it did confirm that it sells its software only to "vetted governments." Apple is now suing the company to "hold it accountable for the surveillance" and "to prevent further abuse and harm to its users," the press release said.
The lawsuit also brought to light how the NSO Group infected iPhones in the past. Apple has said that its software Pegasus used a vulnerability, dubbed FORCEDENTRY, in its image rendering library to infect its devices. First identified by the Citizen Lab, a research group that has been relentlessly working out of The University of Toronto against cyber-surveillance, this vulnerability, was used to break into iPhones and gain access to the camera, microphone, and other sensitive data.
To do so, the NSO Group and its clients used Apple's resources to create fake Apple IDs that were then used to send data across to the targets. Requiring no action on part of the user, the method was used to install the Pegasus software on the devices without the user's consent or knowledge. Apple has since patched this vulnerability and has not observed similar attacks on its devices since. However, to avoid a repeat of such a scenario, Apple is seeking an injunction to ban the NSO Group from using any Apple software, services, or devices, the press release said.
Ivan Krstić, head of Apple Security Engineering and Architecture, commented, "The steps we’re taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place.”
Apple has said that it is notifying users that it has found were targeted using FORCEDENTRY and will continue to notify users in case of another state-sponsored spyware attack. It has urged its users to use the latest software to benefit from new security protections.
CNBC reported that Apple is also seeking $75,000 in damages in this lawsuit and plans to donate the amount with another $10 million to organizations that are fighting digital surveillance.
Earlier this month, the U.S. Department of Commerce, blacklisted the NSO Group for its role in the Pegasus scandal. Another tech company Meta, whose tool Whatsapp was exploited to install Pegasus software on Android devices, also declared that it had filed a lawsuit against NSO Group, CNBC reported last month.