Apple sues NSO Group for attacking iPhones with Pegasus spyware

A woman with an iPhone standing in front of the NSO Group's office
The company has pledged any damages received will go to cybersecurity organisations. Photo credit: Getty Images

Apple has announced it is suing NSO Group, alleging the developers of the Pegasus spyware programme surveilled and targeted users of the tech giant's devices.

It has previously been reported the FBI had been investigating the Israeli-based company over the spyware allegedly being used to hack smartphones belonging to journalists, government officials and human rights activists around the world, including French President Emmanuel Macron.

As well as holding the NSO Group accountable, Apple is also seeking a permanent injunction to ban the organisation from using any Apple software, services, or devices "to prevent further abuse and harm to its users".

In September, Aotearoa's cybersecurity agency CERT NZ recommended Apple users update their software "as soon as possible" after an exploit developed by the NSO group was being used to break into devices.

"Attackers are exploiting a vulnerability referred to as 'ForcedEntry' which affects iOS, macOS, and watchOS which allows a remote attacker to gain access to a device without any user interaction," the agency wrote at the time.

The exploit was originally identified by the Citizen Lab, a research group at the University of Toronto. It was being used to install the latest version of the Pegasus software on compromised devices, Apple said. 

"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability. That needs to change," Apple's senior vice president of software engineering Craig Federighi said.

The lawsuit is intended to send a clear message, said Ivan Krstić, head of Apple security engineering and architecture.

"In a free society, it is unacceptable to weaponise powerful state-sponsored spyware against those who seek to make the world a better place," he said.

"We will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group."

Apple said it is donating US$10 million and has pledged to further donate all damages received from the lawsuit to organisations pursuing cybersurveillance research and advocacy.

The Cupertino-based tech giant will also support Citizen Lab's researchers with pro-bono technical, engineering and threat intelligence assistance and has said it will offer that to other organisations doing similar work.

Apple's lawsuit was welcomed by Ron Deibert, director of Citizen Lab.

"Mercenary spyware firms like NSO Group have facilitated some of the world's worst human rights abuses and acts of transnational repression, while enriching themselves and their investors," he said.

"I applaud Apple for holding them accountable for their abuses, and hope in doing so Apple will help to bring justice to all who have been victimized by NSO Group’s reckless behaviour."