Apple on Tuesday sued NSO Group and its parent company, accusing the Israeli firm of violating a federal anti-hacking law by selling potent software that clients have used to spy on Apple customers.
The lawsuit, filed in a federal court in California, alleges that NSO’s spyware, known as Pegasus, and other malware have caused Apple monetary and property damages, and violated the human rights of Apple users along the way.
“To prevent further abuse and harm to its users, Apple is also seeking a permanent injunction to ban NSO Group from using any Apple software, services, or devices,” Apple said in a statement.
In a statement Tuesday, NSO Group did not address the specifics of the lawsuit and instead said the firm’s technology saves lives.
NSO Group provides “lawful tools” to help governments fight pedophiles and terrorists, the firm said.
While NSO Group has long maintained that it only sells its software to authorized users for law enforcement and counterterrorism purposes, researchers have for years uncovered evidence that Pegasus has been used to surveil dissidents and human rights activists.
Researchers from the University of Toronto’s Citizen Lab in September said that an unidentified party was using Pegasus, and a vulnerability in Apple operating software, to spy on a Saudi activist.
The lawsuit is the latest setback for NSO Group, which cybersecurity analysts and human rights activists have long accused of doing business with repressive governments. The firm’s easy-to-use spyware is capable of eavesdropping on a phone’s communications and accessing other sensitive data on the device, according to researchers.
The US Commerce Department this month added NSO Group to its so-called “entity list,” effectively banning the company from buying software components from US vendors without a license. Commerce accused NSO Group, and another Israeli firm known as Candiru, of providing spyware to foreign governments that “used these tools to maliciously target” journalists, embassy workers and activists.
In a statement at the time, NSO Group said it was “dismayed by the decision given that our technologies support US national security interests and policies by preventing terrorism and crime, and thus we will advocate for this decision to be reversed.”
“We look forward to presenting the full information regarding how we have the world’s most rigorous compliance and human rights programs that are based [on] the American values we deeply share,” according to the statement, “which already resulted in multiple terminations of contacts [sic] with government agencies that misused our products.”
Candiru could not be reached for comment at the time.
Apple is at least the second major US tech firm to sue NSO Group. Facebook (now known as Meta) in 2019 sued NSO Group for allegedly facilitating the breach of 1,400 phones running the WhatsApp messaging application.
NSO Group has denied the allegations made by Facebook, and tried to block the case from moving forward. But a US appeals court this month ruled that the lawsuit could proceed.
Apple said it would contribute $10 million, plus any damages from the lawsuit, to “organizations pursuing cybersurveillance research and advocacy.”
The lawsuit seeks unspecified punitive damages from NSO Group, as well as “compensatory damages in an amount to be proven at trial.”
NSO Group is just one of several firms that sell specialized hacking tools to break into different types of mobile phones.
In its lawsuit, Apple’s lawyers reflected on what it called a “continual arms race” between Apple engineers and NSO Group’s code-writers.
“Even as Apple develops solutions and enhances the security of its devices, Defendants are constantly updating their malware and exploits to overcome Apple’s own security upgrades,” the complaint states.