Apple has filed a lawsuit against Israeli cyber firm NSO Group and its parent company OSY Technologies for allegedly targeting US Apple users with its Pegasus spyware.
The iPhone maker said it is also seeking to ban NSO Group from using any Apple software, services, or devices to prevent further abuse, Reuters reports.
The Pegasus Project revealed that the spyware, made and licensed by NSO Group, had been used in attempted and successful hacks of 37 smartphones belonging to journalists, government officials, and human rights activists.
At least ten governments were involved in abusing the spyware, with three countries targeting the most users. Mexico had 15,000 requests, while Algeria and the UAE had 10,000 requests, respectively.
The spyware acts through iPhone and Android mobile devices and lets it access messages, emails, photos, or even secretly record calls and activate microphones.
Apple is the latest in a string of companies and governments to come after the maker of the Pegasus hacking tool. NSO has also faced either legal action or criticism from Microsoft, Meta, Alphabet, and Cisco. Earlier this month, US officials placed the company on a trade blacklist.
NSO is allegedly involved in circumventing security for products made by these companies and selling that circumvention in the form of hacking tools to foreign governments, Reuters reports.
NSO says it sells its tools only to governments and law enforcement agencies and has safeguards in place to prevent misuse.
"Pedophiles and terrorists can freely operate in technological safe-havens, and we provide governments the lawful tools to fight it. NSO Group will continue to advocate for the truth," a spokesperson said in a statement.
In its complaint, Apple said NSO's tools were used in "concerted efforts in 2021 to target and attack Apple customers" and that "US citizens have been surveilled by NSO's spyware on mobile devices that can and do cross international borders."
Apple claims that NSO Group created fake Apple ID user credentials to carry out its attacks. Even though the iPhone maker claims that its servers were not breached, NSO misused and manipulated them to deliver the attacks.
Interestingly, Apple also alleged that NSO Group was directly involved in providing consulting services for the attacks, while NSO has maintained that it sells its tools to clients.
"Defendants force Apple to engage in a continual arms race: Even as Apple develops solutions and enhances the security of its devices, Defendants are constantly updating their malware and exploits to overcome Apple's own security upgrades," Apple claims.
An endemic problem
According to the global database of commercial spyware, private surveillance tools are being made by dozens of companies and used by at least 65 governments worldwide, including Poland, Italy, Spain, and the US.
With use cases ranging from spying on politicians by anti-corruption agencies in Poland to compiling databases of LGBT citizens and religious minorities in Indonesia, commercial spyware companies are now being deployed by states as private intelligence agencies.
While most autocratic regimes use these powerful tools to sidestep their lack of technological know-how, democracies tend to employ private companies in order to circumvent their own laws that prohibit warrantless surveillance by their state security apparatus.
Due to their unique technological know-how, the states that host spyware companies tend to treat them akin to arms manufacturers and see their products as strategic assets that they can export in exchange for money, resources, or diplomatic leverage.
More from CyberNews
Subscribe to our newsletter