Apple sues NSO Group, accusing it of spying on users in new lawsuit

The company seeks to block the Israeli tech firm from using any Apple software, services or devices, in addition to pursuing damages – which it promises to donate to groups fighting spyware misuse.
By Kat Jercich
12:19 PM

Apple announced this week that it was suing NSO Group, an Israeli surveillance technology company, in federal court for allegedly accessing users' devices without authorization.  

In addition to damages, the tech giant is seeking to block NSO Group from accessing or using any Apple products, or developing spyware that could be used on Apple products in the future.  

"State-sponsored actors like the NSO Group spend millions of dollars on sophisticated surveillance technologies without effective accountability," said Craig Federighi, Apple’s senior vice president of software engineering, in a statement. "That needs to change."  

Apple devices are "the most secure consumer hardware on the market," he contended, but "private companies developing state-sponsored spyware have become even more dangerous.  

"While these cybersecurity threats only impact a very small number of our customers, we take any attack on our users very seriously, and we’re constantly working to strengthen the security and privacy protections in iOS to keep all our users safe," Federighi added.  

NSO Group offered a statement to Healthcare IT News in response to requests for comment.  

"Thousands of lives were saved around the world thanks to NSO Group's technologies used by its customers," said NSO Group representatives. "Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO Group will continue to advocate for the truth."  

WHY IT MATTERS

NSO Group says its surveillance technology is used by government intelligence and law enforcement agencies to track criminals.  

But as Apple outlines in its complaint, the company's spyware has reportedly been used against journalists, human rights activists, dissidents, public officials and others.

This month, the U.S. Department of Commerce included the NSO Group in its Entity List for "engaging in activities that are contrary to the national security or foreign policy interests of the United States." Specifically, the agency said that NSO Group had enabled foreign governments, via its spyware, to "maliciously target" individuals such as embassy workers and academics and to "conduct transnational repression."  

In its complaint, Apple zeroed in on "FORCEDENTRY," an exploit for a vulnerability used to break into a victim's device and install NSO Group's Pegasus spyware product.   

The company accused attackers of creating Apple IDs to send malicious data to a victim's device, which then allowed NSO Group or its clients to surreptitiously deliver Pegasus.  

"On information and belief, Defendants provide consulting and expert services to their clients, assist them with their deployment and use of Pegasus, and participate in their attacks on Apple devices, servers and users," according to the complaint. Although Apple has not observed any evidence of successful remote attacks against devices running iOS 15 or later, it said that each attack carries substantial costs for the company, including the necessity to redirect resources.  

"In the meantime, on information and belief, Defendants continue with their pernicious efforts to target and harm Apple and its customers by infecting, exploiting, and misusing Apple devices and software," said the complaint.  

The company also announced that it would be contributing any damages from the lawsuit, plus an extra $10 million, to organizations pursuing cybersurveillance research and advocacy.  

"At Apple, we are always working to defend our users against even the most complex cyberattacks," said Ivan Krstić, head of Apple Security Engineering and Architecture, in a statement.   

"The steps we’re taking today will send a clear message: In a free society, it is unacceptable to weaponize powerful state-sponsored spyware against those who seek to make the world a better place."  

THE LARGER TREND

Nation-states have increasingly relied on sophisticated software to carry out governmental objectives. 

As Errol Weiss, H-ISAC chief security officer, pointed out in an interview with Healthcare IT News earlier this month, cyber-offensive capabilities have now become the norm, not the exception.

"A few years ago, you could count maybe a few dozen countries that had a decent, offensive cyber capability. And now it's probably the opposite," he said. The U.S. government has raised the alarm about these developments, most recently regarding an Iran-sponsored hacker group targeting healthcare.

ON THE RECORD  

"Our threat intelligence and engineering teams work around the clock to analyze new threats, rapidly patch vulnerabilities, and develop industry-leading new protections in our software and silicon," said Apple's Krstić in a statement.

"Apple runs one of the most sophisticated security engineering operations in the world, and we will continue to work tirelessly to protect our users from abusive state-sponsored actors like NSO Group," he said.

Kat Jercich is senior editor of Healthcare IT News.
Twitter: @kjercich
Email: kjercich@himss.org
Healthcare IT News is a HIMSS Media publication.

Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.