The noose is tightening in the United States around NSO Group, the Israeli maker of the controversial spy software Pegasus. Apple, annoyed that its iPhones have been pirated, has indeed taken legal action against the firm.
The company NSO is made up of “notorious pirates”, assert the lawyers of the Californian group which holds the firm responsible for the “malicious activities” of some of its clients, including governments. “They are amoral mercenaries of the 21st century who have created ultra-sophisticated cyber-surveillance machines, inciting flagrant and routine abuses,” they continue.
NSO believes it has saved “thousands of lives”
The apple brand, which had to repair a flaw exploited by the Pegasus software, is asking the court to permanently ban NSO’s programs on its devices and services. An international media collective revealed this summer that Pegasus had made it possible to spy on the numbers of journalists, politicians, activists or business leaders from different countries, including French President Emmanuel Macron.
“Thousands of lives have been saved around the world thanks to NSO Group technologies,” defended a spokesperson for the firm, contacted by AFP. “Pedophiles and terrorists can flourish freely within the confines of the technological equipment at their disposal, and we provide legal tools to governments to combat them. NSO Group will continue to fight for the truth, ”he added.
Pegasus allegedly exploited a vulnerability to infect iPhone
In September, Apple urgently fixed a computer vulnerability that Pegasus was able to exploit to infect iPhones, without users even having to click on trapped links or buttons, in a process known as “zero-click”. However, the Californian group has notably built its success on its excellent reputation in terms of security and respect for privacy.
“In the consumer electronics market, Apple devices are the most secure, but companies that develop spyware on behalf of states have become even more dangerous,” said Craig Federighi, vice-president. Apple’s president in charge of software, quoted in a press release. “Even though these cybersecurity threats affect only a small number of our customers, we take all attacks against our users seriously,” he continued.
NSO in the list of banned companies in the United States
The complaint comes as other US companies and authorities have taken action against the Israeli publisher. In early November, Washington added NSO Group to its list of banned companies.
“The United States is determined to use export controls in an incisive way to hold accountable companies that develop, commercialize or use technologies for malicious purposes, which threaten the cybersecurity of members of civil society or government, dissidents, and organizations based here and abroad, ”said US Secretary of Commerce Gina Raimondo. The Israeli group said it was “appalled” by this decision, assuring that NSO has a “rigorous ethical charter, based on American values”.
“This must change”
In 2019, WhatsApp admitted to being infected with Pegasus, and its parent company Facebook sued NSO Group, accusing it of using its messaging system to spy on journalists and human rights defenders. About 1,400 smartphones had been compromised, according to the complaint. In early November, a US appeals court dismissed NSO’s immunity request.
“It is likely that Apple has been preparing this file for some time, but was waiting for the matter with WhatsApp to progress,” commented Jake Williams, chief technology officer at cybersecurity firm BreachQuest. “This is not good news for NSO, which would be in danger of going bankrupt with more than $ 500 million in debt, governance problems and France which is retracting its orders because of US sanctions,” said he added.
Saudi activist’s iPhone infected
According to researchers at Citizen Lab, the University of Toronto’s cybersecurity organization, Pegasus had been exploiting a loophole in iMessage, Apple’s messaging system, since at least February 2021. They had discovered that a Saudi activist’s iPhone had been infected.
“State-funded groups like NSO Group spend millions of dollars designing sophisticated surveillance technologies, without having to answer for the consequences. This must change, ”said Craig Federighi.
In early November, a new investigation revealed that Pegasus had been used to hack the phones of members of Palestinian NGOs recently placed on Israel’s “terrorist groups” list. The investigation carried out by the European group Frontline Defenders concluded, after cross-checking with the Citizen Lab and Amnesty International, that six laptops had been infected with the software.