Apple Sues NSO Group for Hacking Its Users

Apple sued the infamous Israeli spyware vendor NSO Group on Tuesday to "curb the abuse of state-sponsored spyware."

"The complaint provides new information on how NSO Group infected victims’ devices with its Pegasus spyware," Apple wrote in a press release. "To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices."

The tech giant’s lawsuit is just the latest in a string of bad news for NSO in the last few weeks. Earlier this month, the US government announced that it had added NSO Group to a denylist that will make it harder for the company to acquire any software, hardware, and services made in the United States. A few days later, NSO ’s newly appointed CEO quit. Then on Monday, the credit rating firm Moody’s warned investors that NSO is at risk of defaulting as it owes $500 million it may not be able to pay. Finally, MIT Technology Review reported on Tuesday that morale inside the company is at an all-time low.

“State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change,” Craig Federighi, Apple’s senior vice president of Software Engineering, is quoted as saying in the press release. “Apple devices are the most secure consumer hardware on the market — but private companies developing state-sponsored spyware have become even more dangerous. While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe.”

An Apple spokesperson declined to comment and referred to the press release.

An NSO spokesperson said in an online message that the company has yet to be notified of the lawsuit.

“NSO Group has not received anything regarding this issue,” the spokesperson said. “NSO Group develops software for law enforcement and intelligence agencies that are used every day to save lives around the world.”

Apple is the second Silicon Valley giant to sue NSO after WhatsApp sued in 2019. 

In the complaint Apple calls NSO “notorious hackers—amoral 21st century mercenaries who have created highly sophisticated cyber-surveillance machinery that invites routine and flagrant abuse.”

“NSO is the antithesis of what Apple represents in terms of security and privacy. While Apple creates products to serve and protect its users, NSO targets and attempts to exploit those products to harm Apple and its users,” the company writes in the complaint. 

Apple claimed that its security team has had to spend “thousands of hours addressing [NSO’s] abusive actions.” 

The company accused NSO of four counts: breaking the anti-hacking law, the Computer Fraud and Abuse Act or CFAA; California’s Business and Professions Code; of breaching the contract it accepted by using Apple software and hardware, given that NSO “created more than one hundred Apple IDs to carry out their attacks and also agreed to Apple’s iCloud Terms and Conditions (‘iCloud Terms’);” and of unjust enrichment “by profiting from the personal data they wrongfully obtained from Apple’s users’ devices through the improper use of Apple’s servers, which is the central component of their lucrative Pegasus spyware sold to customers and deployed against journalists, activists, and dissidents around the globe.”

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.