According to officials, Apple has filed a lawsuit against Israeli spyware firm NSO Group and its parent company Q Cyber, seeking a permanent injunction barring NSO Group from accessing Apple devices, software, and services. The lawsuit is aimed squarely at NSO Group’s primary business: developing sophisticated surveillance equipment that allows users to spy on target devices.
NSO Group customers conducted cyberattacks against iPhones early this year, possibly harming thousands of Apple users, including activists, journalists, and politicians. According to a statement by Craig Federighi, Apple’s senior VP of software engineering, state-sponsored entities, such as the NSO Group, spend millions of dollars on advanced monitoring technology with little meaningful accountability. Something has to be done about it.
Apple claims that NGO Group’s spyware is “much more devious and frequently extremely complex” than conventional consumer malware. It enables well-resourced individuals, such as sovereign governments, to pay millions of dollars to attack people with information relevant to the NSO Group customer attacking them.
According to the lawsuit, these criminal acts “have abused Apple’s devices, injured Apple’s users, and harmed Apple’s company and goodwill.” NSO Group’s products have caused the firm to devote “thousands of hours” to researching the attacks, evaluating the degree of the damage, and generating the necessary fixes and patches. According to Apple’s complaint, it will seek reimbursement for losses sustained due to the assaults. At trial, the amount will be determined.
The company mentioned in its complaint that FORCEDENTRY, a zero-click exploit targeting a now-patched flaw, was previously used to hack into Apple devices and install the latest version of NSO Group’s spyware. The University of Toronto’s Citizen Lab discovered FORCEDENTRY in March.
Apple claims that FORCEDENTRY may have been aimed at a small number of users. It is contacting them and additional users who may be affected by future conduct consistent with a state-sponsored attack. Apple officials stated in a statement that the firm expects to donate $10 million to groups that pursue cybersurveillance and advocacy, as well as any damages from the lawsuit.